1.7.2 Ensure 'TLS 1.2' is set for HTTPS access

Information

Enable SSL server version to TLS 1.2

Rationale:

Given that the network may be prone to sniffing, the HTTP access to the security appliance must be secured with SSL or TLS protocols. The latest version of SSL that is SSL v3 is now inclined to many vulnerabilities and systems should use at least TLS 1.2 as SSL server version.

Solution

For version 8.x, run the following command to enable AES 256 algorithm

hostname(config)# ssl encryption aes256-sha1

For version 9.x, run the following command to enable AES 256 algorithm

hostname(config)# ssl cipher tlsv1.2

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv7|14.4

Plugin: Cisco

Control ID: bcfc2e05eabb2323b5618cfd6ce6e356fcfeea858475998ffcd17708c4c6e414