1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Sets the SSL encryption algorithm to AES 256

Rationale:

Given that the network may be prone to sniffing, the HTTP access to the security appliance must be secured with SSL or TLS protocols. A secure encryption algorithm must be used.

Solution

For version 8.x, run the following command to enable AES 256 algorithm

HOSTNAME(CONFIG)# SSL ENCRYPTION AES256-SHA1

For version 9.x, run the following command to enable AES 256 algorithm

HOSTNAME(CONFIG)# SSL CIPHER TLSV1 CUSTOM AES256-SHA

See Also

https://benchmarks.cisecurity.org/tools2/cisco/CIS_Cisco_Firewall_Benchmark_v4.0.0.pdf