ASDM 5.2 User Guide
Configuring SSL Settings
Download this chapter
Configuring SSL SettingsConfiguring SSL Settings
Download the complete book
Cisco ASDM User Guide, 5.2Cisco ASDM User Guide, 5.2 (PDF - 10 MB)
 Feedback

Table Of Contents

Configuring SSL Settings

SSL

Edit SSL Trustpoint


Configuring SSL Settings

SSL

The security appliance uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS) to achieve secure message transmission for both ASDM and WebVPN sessions. The SSL window lets you configure SSL versions for clients and servers and encryption algorithms. It also lets you apply previously configured trustpoints to specific interfaces, and to configure a fallback trustpoint for interfaces that do not have an associated trustpoint.

Fields

Server SSL Version—Choose to specify the SSL/TLS protocol version the security appliance uses when acting as a server. You can make only one selection.

Options for Server SSL versions include the following:

Any

The security appliance accepts SSL version 2 client hellos, and negotiates either SSL version 3 or TLS version 1.

Negotiate SSL V3

The security appliance accepts SSL version 2 client hellos, and negotiates to SSL version 3.

Negotiate TLS V1

The security appliance accepts SSL version 2 client hellos, and negotiates to TLS version 1.

SSL V3 Only

The security appliance accepts only SSL version 3 client hellos, and uses only SSL version 3.

TLS V1 Only

The security appliance accepts only TLSv1 client hellos, and uses only TLS version 1.


Note To use WebVPN port forwarding, you must select Any or Negotiate SSL V3. The issue is that JAVA only negotiates SSLv3 in the client Hello packet when you launch the Port Forwarding application.

Client SSL Version—Choose to specify the SSL/TLS protocol version the security appliance uses when acting as a server. You can make only one selection.

Options for Client SSL versions include the following:

any

The security appliance sends SSL version3 hellos, and negotiates either SSL version 3 or TLS version 1.

sslv3-only

The security appliance sends SSL version 3 hellos, and accepts only SSL version 3.

tlsv1-only

The security appliance sends TLSv1 client hellos, and accepts only TLS version 1.


Encryption—Lets you set SSL encryption algorithms.

Available Algorithms—Lists the encryption algorithms the security appliance supports that are not in use for SSL connections. To use, or make active, an available algorithm, highlight the algorithm and click Add.

Active Algorithms—Lists the encryption algorithms the security appliance supports and is currently using for SSL connections. To discontinue using, or change an active algorithm to available status, highlight the algorithm and click Remove.

Add/Remove—Click to change the status of encryption algorithms in either the Available or Active Algorithms columns.

Move Up/Move Down—Highlight an algorithm and click these buttons to change its priority. The security appliance attempts to use an algorithm

Trustpoints—Lets you select a fallback trustpoint, and displays configured interfaces and the configured trustpoints associated with them. To enroll a trustpoint, go to Configuration > Properties > Certificate > Enrollment.

Fallback Trustpoint—Click to select a trustpoint to use for interfaces that have no trustpoint associated with them. If you select None, the security appliance uses the default RSA key-pair and certificate.

Note The trustpoint must have a certificate associated with it to display in this drop-down list.

Interface and Trustpoint columns—Display configured interfaces and the trustpoint, if any, for the interface.

Edit—Click to change the trustpoint for the highlighted interface.

Apply—Click to apply your changes.

Reset—Click to remove changes you have made and reset SSL parameters to the values that they held when you opened the window.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


Edit SSL Trustpoint

Fields

Interface—Displays the name of the interface you are editing.

Enrolled Trustpoint—Click to select a previously enrolled trustpoint to associate with the named interface.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System