https://community.cisco.com/t5/network-security/asdm-encryption-windows-xp/m-p/2450305#M269201 <P>Hi guys,</P><P></P><P>We currently are starting to change our remote access to SSL VPN. During testing I have noticed that XP will not work with the stronger encryption methods. It seems that it needs one out of the two out of RC4-SHA1 or 3DES-SHA1. </P><P></P><P>I have had a look around but cant find real definitive answers. Could you guys give me some tips of advantages and disadvantages of the two or let me know if i should just steer well clear of allowing these encryption methods to be used on our firewall.</P><P></P><P>Thanks for all your help, </P><P>MJ</P> Tue, 12 Mar 2019 03:48:38 GMT Michael Judge 2019-03-12T03:48:38Z https://community.cisco.com/t5/network-security/asdm-encryption-windows-xp/m-p/2450305#M269201 <P>Hi guys,</P><P></P><P>We currently are starting to change our remote access to SSL VPN. During testing I have noticed that XP will not work with the stronger encryption methods. It seems that it needs one out of the two out of RC4-SHA1 or 3DES-SHA1. </P><P></P><P>I have had a look around but cant find real definitive answers. Could you guys give me some tips of advantages and disadvantages of the two or let me know if i should just steer well clear of allowing these encryption methods to be used on our firewall.</P><P></P><P>Thanks for all your help, </P><P>MJ</P> Tue, 12 Mar 2019 03:48:38 GMT https://community.cisco.com/t5/network-security/asdm-encryption-windows-xp/m-p/2450305#M269201 Michael Judge 2019-03-12T03:48:38Z https://community.cisco.com/t5/network-security/asdm-encryption-windows-xp/m-p/2450306#M269202 <HTML><HEAD></HEAD><BODY><P>RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5.&nbsp; E.g.</P><P><A class="jive-link-external-small" href="https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx">https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx</A></P><P></P><P>So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1. </P><P></P><P>-- Jim Leinweber, WI State Lab of Hygiene</P></BODY></HTML> Mon, 24 Feb 2014 16:29:55 GMT https://community.cisco.com/t5/network-security/asdm-encryption-windows-xp/m-p/2450306#M269202 James Leinweber 2014-02-24T16:29:55Z https://community.cisco.com/t5/network-security/asdm-encryption-windows-xp/m-p/2450307#M269203 <HTML><HEAD></HEAD><BODY><P> Thanks James for the info, we are going to stick with 3DES-SHA1 for the next few months until XP support is dropped in June 2014.</P><P></P><P>Much appreciated,</P><P>MJ</P></BODY></HTML> Tue, 25 Feb 2014 08:44:29 GMT https://community.cisco.com/t5/network-security/asdm-encryption-windows-xp/m-p/2450307#M269203 Michael Judge 2014-02-25T08:44:29Z