Is there a way to disable SSLV3 on a cisco ASA 5505?

Due to sslv3 vulnerability,  i need to disable sslv3 on a Cisco ASA 5505.  Is there a way to do this?  Thanks for your help.
GoNatsAsked:
Who is Participating?
 
btanExec ConsultantCommented:
Kindly see Cisco guidelines - http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/asdm52/user/guide/user/ssl.html

You would need to allow TLS only- ASA(config)# ssl client-version tlsv1-only
OR reference this
To disable SSLv3, do something like this:

parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3
  version TLS1

ssl-proxy service SSL_PSERVICE_SERVER
  ssl advanced-options PARAMMAP_SSL

(Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)
https://supportforums.cisco.com/discussion/12326341/sslv3-poodle-vulnerability

there is also Cisco advice in addressing the Poodle vulnerability, include tools. But note that disabling the SSLv3 protocol may impact connectivity or interoperability with some clients and servers.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.