We support SHA.
Here is the list of supported ciphers.
CSS11503(config-ssl-proxy-list[gdufour])# ssl-server 1 cipher ?
all-cipher-suites
dhe-dss-export1024-with-rc4-56-sha
rsa-export1024-with-rc4-56-sha
dhe-dss-export1024-with-des-cbc-sha
rsa-export1024-with-des-cbc-sha
dh-anon-export-with-des40-cbc-sha
dh-anon-export-with-rc4-40-md5
dhe-rsa-export-with-des40-cbc-sha
dhe-dss-export-with-des40-cbc-sha
rsa-export-with-des40-cbc-sha
rsa-export-with-rc4-40-md5
dhe-dss-with-rc4-128-sha
dh-anon-with-3des-ede-cbc-sha
dh-anon-with-des-cbc-sha
dh-anon-with-rc4-128-md5
dhe-rsa-with-3des-ede-cbc-sha
dhe-rsa-with-des-cbc-sha
dhe-dss-with-3des-ede-cbc-sha
dhe-dss-with-des-cbc-sha
rsa-with-3des-ede-cbc-sha
rsa-with-des-cbc-sha
rsa-with-rc4-128-sha
rsa-with-rc4-128-md5
For the parameters, the CSS uses a slightly modified version of openssl. So, if openssl has the option to set 160 bit parameters, we will have it too.
I assume this is done by setting the apppropriate option in the dhparam file.
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a008040ad80.html#wp999050
Regards,
Gilles.