CHAPTER
75-1
Cisco ASA 5500 Series Configuration Guide using ASDM
75
Configuring SSL Settings
SSL
Configuration > Properties > SSL
The ASA uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security
(TLS) to achieve secure message transmission for both ASDM and Clientless, browser-based sessions.
The SSL window lets you configure SSL versions for clients and servers and encryption algorithms. It
also lets you apply previously configured trustpoints to specific interfaces, and to configure a fallback
trustpoint for interfaces that do not have an associated trustpoint.
Fields
• Server SSL Version—Choose to specify the SSL/TLS protocol version the ASA uses to negotiate
as a server. You can make only one selection.
Options for Server SSL versions include the following:
Note To use port forwarding for Clientless SSL VPN, you must select Any or Negotiate SSL V3. The issue is
that JAVA only negotiates SSLv3 in the client Hello packet when you launch the Port Forwarding
application.
• Client SSL Version—Choose to specify the SSL/TLS protocol version the ASA uses to negotiate
as a client. You can make only one selection.
Options for Client SSL versions include the following:
Any The ASA accepts SSL version 2 client hellos, and negotiates either SSL
version 3 or TLS version 1.
Negotiate SSL V3 The ASA accepts SSL version 2 client hellos, and negotiates to SSL version
3.
Negotiate TLS V1 The ASA accepts SSL version 2 client hellos, and negotiates to TLS version
1.
SSL V3 Only The security appliance accepts only SSL version 3 client hellos, and uses
only SSL version 3.
TLS V1 Only The security appliance accepts only TLSv1 client hellos, and uses only TLS
version 1.