Details

Enable SSL server version to TLS 1.0

Rationale:

Given that the network may be prone to sniffing, the HTTP access to the security appliance must be secured with SSL or TLS protocols. The latest version of SSL that is SSL v3 is now inclined to many vulnerabilities and systems should use at least TLS 1.0 as SSL server version.

Solution

Step 1 Choose Policies > Access Control > SSL.

Step 2 Manage SSL policies: Associate To associate an SSL policy with an access control policy, see Associating Other Policies with Access Control.
Compare Click Compare Policies; see Comparing Policies.
Copy Click the copy icon ().
Create Click New Policy; see Create Basic SSL Policies.
Delete Click the delete icon (). If the controls are dimmed, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.
Deploy Click Deploy; see Deploy Configuration Changes.
Edit Click the edit icon (); see Editing an SSL Policy. If a view icon () appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.
Import/Export See About Configuration Import-Export.
Report Click the report icon (); see Generating Current Policy Reports.

Supportive Information

The following resource is also helpful.

• https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Cisco.

References

• 800-53|SC-8(1)

Source

• Tenable.com/audits