How can I alter what ciphers are used with the Graphical User Interface (GUI)? Can I disable SSL v2 for the GUI?

Introduction

This document describes how to view and change what ciphers are used in conjunction with the Graphical User Interface (GUI) on the Cisco Email Security Appliance (ESA).

How can I alter what ciphers are used with the Graphical User Interface (GUI)? Can I disable SSL v2 for the GUI?

SSL protocols and ciphers advertised for incoming GUI connections can be configured with the sslconfig command.  You can specify which ssl method is used specifically for GUI SSL communication.

Example:

myesa.local> sslconfig

sslconfig settings:
 GUI HTTPS method: sslv3tlsv1
 GUI HTTPS ciphers: RC4-SHA:RC4-MD5:ALL
 Inbound SMTP method: sslv3tlsv1
 Inbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
 Outbound SMTP method: sslv3tlsv1
 Outbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL

Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]> GUI

Enter the GUI HTTPS ssl method you want to use.
1. SSL v2.
2. SSL v3 
3. TLS v1 
4. SSL v2 and v3
5. SSL v3 and TLS v1
6. SSL v2, v3 and TLS v1
[5]> 2

Enter the GUI HTTPS ssl cipher you want to use.
[RC4-SHA:RC4-MD5:ALL]> 

Return to the main CLI and commit all changes.

Related Information

• Cisco Email Security Appliance - End-User Guides
• Technical Support & Documentation - Cisco Systems