SSL VPN – Your connection is encrypted with obsolete cryptography

I have an SSL VPN deployed using DigiCert-issued certificates.
DigiCert says I have the SHA2 certificate.

But Chrome reports that the key exchange mechanism is “Your connection is encrypted with obsolete cryptography” TLS 1.0.

Does this pose a security risk? And how do I get out of this?

My options for cipher-suite are:

2911(config)#ip http secure-ciphersuite ?
  3des-ede-cbc-sha  Encryption type ssl_rsa_with_3des_ede_cbc_sha ciphersuite
  des-cbc-sha       Encryption type ssl_rsa_with_des_cbc_sha ciphersuite
  rc4-128-md5       Encryption type ssl_rsa_with_rc4_128_md5 ciphersuite
  rc4-128-sha       Encryption type ssl_rsa_with_rc4_128_sha ciphe

Answer

TLS 1.0 has some known security holes; you should be using TLS 1.1, and preferably TLS 1.2 if you can.

Your “key exchange mechanism” refers to the protocol you are using, TLS/SSL.
http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0

The security concern for TLS 1.0 is primarily referred to as Heartbleed.
http://en.wikipedia.org/wiki/Heartbleed

I’ve provided you with some sources so that you can educate yourself on the topics. Follow the instructions posted by CJS to help solve your specific dilemma.

Attribution
Source : Link , Question Author : Community , Answer Author : IceMage
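
The cipher-suite listing in the question can be audited mechanically. The following is an added example, not part of the original question or answer: it parses the `?` help lines (copied from the question as sample input) and notes, for each suite, what its key exchange, cipher and MAC imply. The function names and the wording of the notes are this example's own.

```python
import re

# Sample input: the four option lines exactly as posted in the question
# (the last line is cut off on the page after the suite name).
IOS_HELP = """\
  3des-ede-cbc-sha  Encryption type ssl_rsa_with_3des_ede_cbc_sha ciphersuite
  des-cbc-sha       Encryption type ssl_rsa_with_des_cbc_sha ciphersuite
  rc4-128-md5       Encryption type ssl_rsa_with_rc4_128_md5 ciphersuite
  rc4-128-sha       Encryption type ssl_rsa_with_rc4_128_sha ciphe
"""

LINE_RE = re.compile(
    r"\s*(\S+)\s+Encryption type ssl_([a-z0-9]+?)_with_([a-z0-9_]+)")

KX_NOTES = {"rsa": "static RSA key exchange: no forward secrecy"}
CIPHER_NOTES = {
    "3des": "3DES: 64-bit block cipher (Sweet32 birthday attacks)",
    "des": "DES: 56-bit key",
    "rc4": "RC4: biased keystream, prohibited in TLS by RFC 7465",
}
MAC_NOTES = {"md5": "MD5-based record MAC: deprecated hash"}


def audit_suite(kx, body):
    """Return notes for one suite, given its key exchange and the
    cipher/MAC part of the name, e.g. ('rsa', 'rc4_128_md5')."""
    tokens = body.split("_")
    cipher, mac = tokens[0], tokens[-1]
    notes = []
    for table, key in ((KX_NOTES, kx), (CIPHER_NOTES, cipher), (MAC_NOTES, mac)):
        if key in table:
            notes.append(table[key])
    return notes


def audit_help(text):
    """Map each CLI keyword in the help output to its list of notes."""
    report = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not suite options are skipped
            keyword, kx, body = m.groups()
            report[keyword] = audit_suite(kx, body)
    return report


if __name__ == "__main__":
    for keyword, notes in audit_help(IOS_HELP).items():
        print(f"{keyword}: " + "; ".join(notes))
```

Every option in the listing comes back with at least two notes, because all four are static-RSA suites paired with DES, 3DES or RC4.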
