topic Thanks nikhil for the update. in Network Security

TLSv1.1 or 1.2 support on ASA 5540

Virtusa Administrator — Tue, 12 Mar 2019 04:58:20 GMT

Hi Team,

Currently we are using SSL3.0 of firewall for exposing one of the intranet portal to outside users. We want to enable TLSv1.1 or 1.2.

According to the output ssl server-version , we have only these options:

any, sslv3, sslv3-only, tlsv1, tlsv1-only.

our appliance is running following image :

Cisco Adaptive Security Appliance Software Version 8.2(5)

What measures have to be taken to subside this issue?

Regards,

HYD

It seems that the ASA is a

Karsten Iwen — Wed, 22 Oct 2014 10:49:41 GMT

It seems that the ASA is a little behind in supporting the latest crypto. On my devices I configured "tls1-only" for the "ssl server-version" to make sure that no older SSL-versions are used. In addition to that I configured the ssl-cipers the following way:

ssl encryption dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1

But I'm pretty sure that the older 8.2(5) versions don't yet support the more modern dhe-crypto.

@Karsten: Thanks for your

Virtusa Administrator — Wed, 22 Oct 2014 11:01:39 GMT

@Karsten: Thanks for your reply. How about version 9.0(2). Does that support this feature (TLSv1.1 or 1.2)

Regards,

HYD

no, it's not even in the 9.1

Karsten Iwen — Wed, 22 Oct 2014 11:12:12 GMT

no, it's not even in the 9.1 (tested) or 9.2/9.3 (untested, but there are no changes documented).

It's still only TLSv1.0.

ahh Thanks a lot ..I hope

Virtusa Administrator — Wed, 22 Oct 2014 11:14:44 GMT

ahh Thanks a lot ..I hope this gets fixed in the future releases.

Hope is all that we can have

Karsten Iwen — Wed, 22 Oct 2014 11:21:47 GMT

Hope is all that we can have ... 😉 Just remember that v1.2 is brand new, just six years old ... 😉 But I'm confident that sooner or later the ASA will support TLSv1.2.

TLSv1.2 is not supported in

Nikhil Thakur — Wed, 25 Mar 2015 00:58:57 GMT

TLSv1.2 is now supported starting ASA 9.3(2) release and above which is available now on CCO.

For your reference:

http://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html#pgfId-157788

HTH!

P.S.: Please rate the post if it helped or accept the reply as solution if answered.

Thanks nikhil for the update.

Virtusa Administrator — Wed, 25 Mar 2015 14:31:06 GMT

Thanks nikhil for the update. Let me check the reference you shared 🙂

Hi,Glad I was able to help

Nikhil Thakur — Thu, 26 Mar 2015 22:27:53 GMT

Hi,

Glad I was able to help.

Please mark the reply as 'Answered' and rate the post if it helped.

But sadly, your ASA (and many

Karsten Iwen — Fri, 27 Mar 2015 06:50:09 GMT

But sadly, your ASA (and many of mine) will not get this version. It's only available on the -X models.