AES/3DES High and AES Medium are recommended for FIPS deployment. NOTE: If you are using the IC6500 FIPS version, you can choose High, Medium, or Low security cipher suites. This is typically a limitation of the browser’s capability.
NOTE: When using 168-bit encryption, some Web browsers may still show 128-bit encryption (the gold lock on the browser status bar) even though the connection is 168-bit. If you select the AES/3DES option, the system gives preference to 256-bit AES over 3DES.
Pulse secure ssl vpn update#
You can require users who have older browsers that use SSL version 2 to update their browsers, or you can change this setting to allow SSL version 2, SSL version 3, and TLS. The system honors this setting for all Web server traffic and all types of clients. By default, the system requires SSL version 3 and TLS. Specify encryption requirements for clients. See the Connect Secure FIPS Level 1 Feature Guide. Table 117: SSL Options Configuration GuidelinesĮnable FIPS mode. Both ciphers are lower in priority over the other widely used cipher suites. In the Custom SSL Cipher configuration, TLS_DHE_RSA_WITH_AES_128_CBC_SHA is available only when AES-Medium is selected and TLS_DHE_RSA_WITH_AES_256_CBC_SHA is available only when AES-High is selected. Only TLS_DHE_RSA_WITH_AES_256_CBC_SHA is available with the Accept 168-bit and greater option. RSA server certificate is required for these ciphers. Both these ciphers use RSA for server authentication and ephemeral Diffie-Hellman (DHE) for key exchange. TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA cipher suites are supported. We recommend that you use the default security settings, which provide maximum security, but you may need to modify these settings if your users cannot use certain browsers or access certain Web pages.
Use the System > Configuration > Security > SSL Options page to change the default security settings. You are here: Pulse Connect Secure > Pulse Connect Secure Administration Guide > System Management > Network and Host Administration > Configuring SSL Options Configuring SSL Options