cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
609
Views
0
Helpful
1
Replies

ACE20 LoadBalancer and SHA 2

netops2014
Level 1
Level 1

HI All,

 

We have a ACE20 Module (ACE20-MOD-K9) running IOS (system Image : C6ACE-T1K9-MZ.A2_2_3.bin).

Its installed in our WS-C6513. We have some important services being Load Balanced and with Google ceasing support for SHA1, we are now

faced with the possibility of these services getting cert errors upon login at the end of Jan 2015?

 

Has anyone had any experience/luck with getting SHA 2 to work on these Modules? We have checked and SHA 2 is "not supported" on ACE20, but

was wondering if anyone had any suggestions or workarounds?

 

I have heard that it may work but is not supported? Is this true?

When logging onto the ACE context and trying to generate a cipher, I only get the following options:

 

Router1(config-parammap-ssl)# cipher ?

  RSA_EXPORT1024_WITH_DES_CBC_SHA  Accept RSA_EXPORT1024_WITH_DES_CBC_SHA cipher

  RSA_EXPORT1024_WITH_RC4_56_MD5   Accept RSA_EXPORT1024_WITH_RC4_56_MD5

cipher

  RSA_EXPORT1024_WITH_RC4_56_SHA   Accept RSA_EXPORT1024_WITH_RC4_56_SHA

cipher

  RSA_EXPORT_WITH_DES40_CBC_SHA    Accept RSA_EXPORT_WITH_DES40_CBC_SHA

cipher

  RSA_EXPORT_WITH_RC4_40_MD5       Accept RSA_EXPORT_WITH_RC4_40_MD5

cipher

  RSA_WITH_3DES_EDE_CBC_SHA        Accept RSA_WITH_3DES_EDE_CBC_SHA

cipher

  RSA_WITH_AES_128_CBC_SHA         Accept RSA_WITH_AES_128_CBC_SHA

cipher

  RSA_WITH_AES_256_CBC_SHA         Accept RSA_WITH_AES_256_CBC_SHA

cipher

  RSA_WITH_DES_CBC_SHA             Accept RSA_WITH_DES_CBC_SHA cipher

  RSA_WITH_RC4_128_MD5             Accept RSA_WITH_RC4_128_MD5 cipher

  RSA_WITH_RC4_128_SHA             Accept RSA_WITH_RC4_128_SHA cipher

 

thanks

NetOPs

1 Accepted Solution

Accepted Solutions

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

SHA2 support is not available in A2 or A3 sw versions and won't be added either. The work around would be to use the ssl parameter map and use only MD5 ciphers. 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

1 Reply 1

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

SHA2 support is not available in A2 or A3 sw versions and won't be added either. The work around would be to use the ssl parameter map and use only MD5 ciphers. 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: