cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4895
Views
5
Helpful
6
Replies

Does ACE service module support SHA2(256) certificates

guilty_2
Level 1
Level 1

Hello,

Does anyone know if ACE service module support SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option, also the cipher suites in SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00

1 Accepted Solution

Accepted Solutions

litrenta
Level 3
Level 3

Not supported on ACE. There are plans for SHA2 support specifically for

verification of certificates signed with SHA2 family algorithms (SHA224
through 512) on the ACE 30 module coming out later this year. This will not be supported on current ACE modules.

View solution in original post

6 Replies 6

litrenta
Level 3
Level 3

Not supported on ACE. There are plans for SHA2 support specifically for

verification of certificates signed with SHA2 family algorithms (SHA224
through 512) on the ACE 30 module coming out later this year. This will not be supported on current ACE modules.

hmmm...thats not very encouraging. I expected that it would at least be supported in software. Thanks for replying

Just received a reply on my TAC:

SHA-2 support will not be added to either of the A2 or A3 code trains.
However,
In the next release (4.x) release we will be adding SHA2 support
specifically for verification of certificates signed with SHA2 family
algorithms (SHA224 through 512). The current ETA for this code version
is Q4CY 2010 (ie: between now and Christmas).

correct note that 4.x software will not run on the current ace modules, only on the new

ACE 30 modules coming out at the same time, and on the existing ACE appliance.

paulgilbody
Level 1
Level 1

I can't find any updates on this - can someone advise if the ACE 4710 can or will support SHA-2 now or in the near future? Specifically SHA-512?

Thanks

ACE 4710 running A4 code supports sha-512 for verification of certs signed with this algorithm. It does not support negotiation of sha-2 cipher specs in ssl termination.