Details
Set the SSL server version to TLS 1.2
Rationale:
Because the network may be subject to sniffing, HTTP access to the security appliance must be secured with the SSL or TLS protocols. SSL v3, the latest version of SSL, is now subject to many vulnerabilities, so systems should use at least TLS 1.2 as the SSL server version.
Solution
For version 8.x, run the following command to enable the AES 256 algorithm:
hostname(config)# ssl encryption aes256-sha1
For version 9.x, run the following command to enable the AES 256 algorithm:
hostname(config)# ssl cipher tlsv1.2
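An added example, not part of the original benchmark text: a Python check that looks for the two commands above in a saved running-config. It goes slightly beyond the page by also checking the `ssl server-version` line on 9.x, which is assumed here to be the setting that carries the minimum protocol version named in the rationale; the sample configs and function names are constructed.

```python
# Constructed sample configs for illustration; not from a real device.
SAMPLE_8X = "hostname asa-lab\nssl encryption aes256-sha1 3des-sha1 rc4-md5\n"
SAMPLE_9X = "hostname asa-lab\nssl server-version tlsv1.2\nssl cipher tlsv1.2 high\n"


def ssl_lines(config):
    """Tokenise every 'ssl ...' line; negated 'no ssl ...' forms are skipped."""
    lines = []
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:1] == ["ssl"]:
            lines.append(tokens[1:])
    return lines


def audit_ssl(config, major_version):
    """Return a list of findings; an empty list means the check passes."""
    findings = []
    lines = ssl_lines(config)
    if major_version <= 8:
        # 8.x: the page's command is 'ssl encryption aes256-sha1'.
        algs = [a for l in lines if l[:1] == ["encryption"] for a in l[1:]]
        if "aes256-sha1" not in algs:
            findings.append("missing: ssl encryption aes256-sha1")
        extra = [a for a in algs if a != "aes256-sha1"]
        if extra:
            findings.append("other algorithms still enabled: " + " ".join(extra))
    else:
        # 9.x: the page's command starts with 'ssl cipher tlsv1.2'.
        if not any(l[:2] == ["cipher", "tlsv1.2"] for l in lines):
            findings.append("missing: ssl cipher tlsv1.2")
        # Assumption (not on the page): 'ssl server-version' sets the minimum version.
        versions = [l[1] for l in lines if l[:1] == ["server-version"] and len(l) > 1]
        if versions != ["tlsv1.2"]:
            findings.append("ssl server-version is not tlsv1.2: " + (" ".join(versions) or "unset"))
    return findings


if __name__ == "__main__":
    for name, cfg, ver in (("8.x", SAMPLE_8X, 8), ("9.x", SAMPLE_9X, 9)):
        print(name, audit_ssl(cfg, ver) or "PASS")
```

The 8.x sample fails on purpose: AES 256 is present, but weaker algorithms are still listed alongside it.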
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Cisco.