Re: SSL Ciphers List

jefmartins1208 · ‎09-24-2018

Hello,

I bought an ASA5506-X, and I am not able to access ASDM.

SSL Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I use command

show ssl ciphers all

and show only those two.

DES-CBC-SHA, NULL-SHA

How to add others?

slicerpro · ‎09-24-2018

You are lacking all the cipher suites. fix this by the command:

"ssl encryption 3des-sha1 aes128-sha1 aes256-sha1"

..without the quote marks of course.

jefmartins1208 · ‎09-24-2018

It does not work, command is deprecated.

slicerpro · ‎09-24-2018

Wasn't sure which version you were on, but beginning 9.3(2), 'ssl encryption' command was deprecated, try 'ssl cipher' instead.

jefmartins1208 · ‎09-24-2018

It is in version 9.8. I tried to use the ssl cipher and put a different option from the previous ones it does not support.

slicerpro · ‎09-25-2018

What is the output of "show run all ssl" ?

Marvin Rhoads · ‎09-25-2018

It most likely wasn't ordered with the (free) 3DES-AES license. (i.e., the ordering SKU ended with K8 instead of K9)

Check via "show activation-key".

If indeed you don't have that license, go to software.cisco.com and get one.