https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712865#M917898 <P>Thank you for the reply</P><P>I have "No SSL trust-points configured" on another ASA and i can connect to this device with HTTPs.?</P><P>&nbsp;</P><P>&nbsp;</P><P>With regards</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 Jul 2015 13:35:16 GMT aleksandarsofranic 2015-07-13T13:35:16Z https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712863#M917896 <P>Hello i am wondering i cannot access my ASDM from my browser i had thought it was java, as it was at the end, so i downgraded it to version 6.</P><P>But because Java v6 doesn't allow me to use other programs i need to have an ASDM which can be used with java 8.</P><P>So i upgraded my asdm to asdm-731-101-1 and upgraded java but it doesn't work. I think what is make the problem is the connection configuration on the ASA itself which is as follows</P><P>&nbsp;</P><P>Accept connections using SSLv3 and negotiate to SSLv3<BR />Start connections using SSLv3 and negotiate to SSLv3<BR />Enabled cipher order: aes128-sha1 aes256-sha1<BR />Disabled ciphers: 3des-sha1 des-sha1 rc4-md5 rc4-sha1 null-sha1<BR />No SSL trust-points configured<BR />Certificate authentication is not enabled</P><P>&nbsp;</P><P>Can this pose a problem with connection through the browser?</P><P>&nbsp;</P><P>With regards</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 21 Feb 2020 13:31:41 GMT https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712863#M917896 aleksandarsofranic 2020-02-21T13:31:41Z https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712864#M917897 <P>"<SPAN style="font-size: 14.3999996185303px;">No SSL trust-points configured</SPAN>"</P><P>You need to have at least the self-signed certificate setup. ASDM uses https under the covers and if the ASA does not have a trustpoint bound to an interface (i.e trustpoint), https will not be able to establish a secure session.</P> Mon, 13 Jul 2015 13:30:41 GMT https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712864#M917897 Marvin Rhoads 2015-07-13T13:30:41Z https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712865#M917898 <P>Thank you for the reply</P><P>I have "No SSL trust-points configured" on another ASA and i can connect to this device with HTTPs.?</P><P>&nbsp;</P><P>&nbsp;</P><P>With regards</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 Jul 2015 13:35:16 GMT https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712865#M917898 aleksandarsofranic 2015-07-13T13:35:16Z https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712866#M917899 <P>When you browse to the ASA (via <A href="https://&lt;ASA" target="_blank">https://&lt;ASA</A> address&gt;/admin), what do you get?</P> Mon, 13 Jul 2015 13:37:09 GMT https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712866#M917899 Marvin Rhoads 2015-07-13T13:37:09Z https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712867#M917900 <P>This is what i get&nbsp;</P><P>&nbsp;</P><P>ERR_SSL_VERSION_OR_CIPHER_MISMATCH</P> Mon, 13 Jul 2015 13:43:34 GMT https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712867#M917900 aleksandarsofranic 2015-07-13T13:43:34Z https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712868#M917901 <P>You should be able to connect using AES-256. I think the problem is your ASA is not negotiating to TLSv1 or greater and thus your browser is refusing the SSLv3-only setup you have.</P> <P>Try this in config mode:</P> <PRE> ssl server-version tlsv1.2</PRE> Mon, 13 Jul 2015 13:57:21 GMT https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712868#M917901 Marvin Rhoads 2015-07-13T13:57:21Z https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712869#M917902 <P>Thank you for the quick reply. I will get back to you asap.</P><P>With regards</P> Tue, 14 Jul 2015 07:59:19 GMT https://community.cisco.com/t5/network-security/asa-5510-ssl-server-client-version-problem-with-opening-in/m-p/2712869#M917902 aleksandarsofranic 2015-07-14T07:59:19Z