[Ach] Cicso ASA Settings commited

Aaron Zauner azet at azet.org
Tue Nov 26 15:59:15 CET 2013


On 26 Nov 2013, at 15:55, ianG <iang at iang.org> wrote:

> On 26/11/13 16:58 PM, Aaron Zauner wrote:
>> Hi,
>> 
>> I’ve just committed the Cisco ASA Settings I played around with during the last weeks. Unfortunately one needs to enable non-DHE settings if Java is set-up without Java Crypto Extensions (JCE) - you’ll lock yourself out of the appliance otherwise. Should I mention this seperately? With JCE installed this can be neglected.
> 
> 
> Please say more?  I generally recommend not using the JCE if you can avoid it…
Java 7 does not support DHE per default - So if you use ASDM to configure your ASA and disable non-DHE SSL/TLS cipher suites it won’t be able to reconnect. Other than that, I did not see any impact for users.

Whats wrong with JCE? (I hate Java [code] so my knowledge of it’s crypto extension pack is very limited)

>> Please review!
> 
> Where do I read the latest copy?  Hopefully not on git, I've run out of budget for warring with git…

Someone would need to generate the PDF and up it to the website then :)

(@Aaron/Adi: Please do so)

Aaron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131126/48c560b6/attachment.sig>


More information about the Ach mailing list