There are various cipher suites available in the CSS for encrypting SSL traffic (if you have the SSL module, that is…). You can choose which to support and weight them in your SSL proxy list if you don’t agree with Cisco’s interpretation of which should be used first.
A customer just asked me what key length the “rsa-with-3des-ede-cbc-sha” cipher used, since most of the other cipher names have a key-length in their name, but this one doesn’t. Also, confusingly, browsers didn’t seem to agree on what was in use either – IE6 said it was 128-bit, Firefox said 168-bit and IE7 didn’t say anything at all/
So I did a bit of exploring to find out what 3DES was all about. Read the rest of this entry »