Verify Enabled Cipher Suites in HTTPS Inspection

Question asked by Jessa Haines on Dec 21, 2017
Latest reply on Feb 13, 2018 by Dameon Welch Abernathy

Happy Holidays everyone -

This is in regard to: R77.30 Gateway on Take_286

Can anyone guide me to a command or configuration setting within IPS (or wherever it resides) for what Cipher Suites we currently have enabled for HTTPS Inspection?

In a nutshell, we are evaluating TCP Dump data as we are not able to load a particular site on our network. It appears our firewall is sending SSLv3.0 @ Hello and the responding Client, not server, is basically just sending us a SYN ACK back in return that we sent prior to the hello. This site does NOT support anything other than TLS 1.2. We want to confirm our cipher suites for 1.2 have a match with the list we have grabbed from the SSL test we ran on their site.

The command I found on a similar article (I thought) was: cat /opt/CPshrd-R77/registry/HKLM_registry.data | grep -i cptls

Which resulted in me getting:

cptls_ec_p384 (1)
cptls_accept_ecdhe (1)
....propose
cptls_accept_ecdsa (1)
....propose

I cannot figure out what this means as both propose and accept are being listed. Is there documentation on this formatting/response? Any help is appreciated.


Thanks in advance.
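
An added example, not part of the original post and not Check Point code: one way to read the offered cipher suites straight out of a captured ClientHello and intersect them with the list from the site's SSL test. The TLS record-layer version and the ClientHello's own client_version are separate fields, so both are reported. The function names, the SAMPLE bytes and the SERVER_SUITES set are constructed for illustration.

```python
import struct

# Names for the suite IDs used in the constructed sample (IANA registry values).
SUITE_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello (no fragment reassembly)."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or rec_len < 4 or len(body) != rec_len or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        client_ver = struct.unpack("!H", hello[:2])[0]
        pos = 2 + 32                   # skip client_version and random
        pos += 1 + hello[pos]          # skip session_id
        n = struct.unpack("!H", hello[pos:pos + 2])[0]
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello") from None
    raw = hello[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher_suites length")
    return {"record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
            "client_version": VERSIONS.get(client_ver, hex(client_ver)),
            "suites": [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]}

def common_suites(offered, server_supported):
    """Offered suites the server also accepts, in the client's preference order."""
    return [SUITE_NAMES.get(s, hex(s)) for s in offered if s in server_supported]

# Constructed sample ClientHello: record layer 0x0300, client_version 0x0303.
_suites = struct.pack("!3H", 0x002F, 0x000A, 0xC02F)
_hello = (b"\x03\x03" + bytes(32) + b"\x00"
          + struct.pack("!H", len(_suites)) + _suites + b"\x01\x00")
SAMPLE = (b"\x16\x03\x00" + struct.pack("!H", len(_hello) + 4)
          + b"\x01" + len(_hello).to_bytes(3, "big") + _hello)
SERVER_SUITES = {0xC02F, 0xC030}  # constructed stand-in for the SSL test results

if __name__ == "__main__":
    info = parse_client_hello(SAMPLE)
    print(info["record_version"], info["client_version"])
    print(common_suites(info["suites"], SERVER_SUITES))
```

To use it on real traffic, pass in the TCP payload bytes of the packet that carries the ClientHello; an empty result from common_suites means the two sides share no suite.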
