Cisco CSS cipher key strength

16 08 2007

There are various cipher suites available in the CSS for encrypting SSL traffic (if you have the SSL module, that is…).  You can choose which to support and weight them in your SSL proxy list if you don’t agree with Cisco’s interpretation of which should be used first.

A customer just asked me what key length the “rsa-with-3des-ede-cbc-sha” cipher used, since most of the other cipher names have a key-length in their name, but this one doesn’t.  Also, confusingly, browsers didn’t seem to agree on what was in use either – IE6 said it was 128-bit, Firefox said 168-bit and IE7 didn’t say anything at all/

So I did a bit of exploring to find out what 3DES was all about. Read the rest of this entry »

Advertisements




CSS alternatives to IOS commands

4 06 2007

Here are some notes I made on the CSS equivalents to commonly-used IOS commands.

Note – this is based on software version 8.1, but is probably fine with versions 7.x of CSS code. Read the rest of this entry »