Ssl version, Generated certificate key size, Apply/cancel – Cisco VPN 3002 User Manual
Page 90: Reminder
8-12
VPN 3002 Hardware Client Reference
OL-1893-01
Chapter 8 Management Protocols
Configuration | System | Management Protocols | SSL
SSL Version
Click the drop-down menu button and select the SSL version to use. SSL Version 3 has more security
options than Version 2, and TLS (Transport Layer Security) Version 1 has more security options than
SSL Version 3. Some clients that send an SSL Version 2 “Hello” (initial negotiation), can actually use a
more secure version during the session. Telnet/SSL clients usually can use only SSL Version 2.
Choices are:
•
Negotiate SSL V2/V3 = The server tries to use SSL Version 3 but accepts Version 2 if the client can
not use Version 3. This is the default selection. This selection works with most browsers and
Telnet/SSL clients.
•
SSL V3 with SSL V2 Hello = The server insists on SSL Version 3 but accepts an initial Version 2
“Hello.”
•
SSL V3 Only = The server insists on SSL Version 3 only.
•
SSL V2 Only = The server insists on SSL Version 2 only. This selection works with most
Telnet/SSL clients.
•
TLS V1 Only = The server insists on TLS Version 1 only. At present, only Microsoft Internet
Explorer 5.0 supports this option.
•
TLS V1 with SSL V2 Hello = The server insists on TLS Version 1 but accepts an initial SSL Version
2 “Hello.” At present, only Microsoft Internet Explorer 5.0 supports this option.
Generated Certificate Key Size
Click the drop-down menu button and select the size of the RSA key that the VPN 3002 uses in its
self-signed (generated) SSL server certificate. A larger key size increases security, but it also increases
the processing necessary in all transactions over SSL. The increases vary depending on the type of
transaction (encryption or decryption).
Choices are:
•
512-bit RSA Key = This key size provides sufficient security. It is the most common, and requires
the least processing.
•
768-bit RSA Key = This key size provides normal security and is the default selection. It requires
approximately 2 to 4 times more processing than the 512-bit key.
•
1024-bit RSA Key = This key size provides high security. It requires approximately 4 to 8 times
more processing than the 512-bit key.
Apply/Cancel
To apply your SSL settings, and to include your settings in the active configuration, click Apply. The
Manager returns to the initial Login screen.
Reminder:
To save the active configuration and make it the boot configuration, click the Save Needed icon at the
top of the Manager window.
To discard your settings, click Cancel. The Manager returns to the Configuration | System | Management
Protocols screen.