Information
Enable and disable TLS versions and Cipher suites for more granular control of SSL VPN connections and enforcing more secure connections.
Rationale:
Limiting TLS versions to more secure versions as well as enforcing stronger ciphers increases the security of the SSL VPN connections
Solution
CLI:
config vpn ssl settings
set ssl-max-prot-ver *** {Configure max TLS Version supported}
set ssl-min-proto ver *** {set minimum support TLS version}
set banned-cipher *** {add cipher suite to banned list and prevent it from being used}
set algorithm high {use high algorithms}
Default Value:
ssl-max-proto-ver : tls1-3 ssl-min-proto-ver : tls1-2 banned-cipher : algorithm : high