This is what i get ERR_SSL

aleksandarsofranic · ‎07-13-2015

Hello i am wondering i cannot access my ASDM from my browser i had thought it was java, as it was at the end, so i downgraded it to version 6.

But because Java v6 doesn't allow me to use other programs i need to have an ASDM which can be used with java 8.

So i upgraded my asdm to asdm-731-101-1 and upgraded java but it doesn't work. I think what is make the problem is the connection configuration on the ASA itself which is as follows

Accept connections using SSLv3 and negotiate to SSLv3
Start connections using SSLv3 and negotiate to SSLv3
Enabled cipher order: aes128-sha1 aes256-sha1
Disabled ciphers: 3des-sha1 des-sha1 rc4-md5 rc4-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled

Can this pose a problem with connection through the browser?

With regards

Marvin Rhoads · ‎07-13-2015

"No SSL trust-points configured"

You need to have at least the self-signed certificate setup. ASDM uses https under the covers and if the ASA does not have a trustpoint bound to an interface (i.e trustpoint), https will not be able to establish a secure session.

aleksandarsofranic · ‎07-13-2015

Thank you for the reply

I have "No SSL trust-points configured" on another ASA and i can connect to this device with HTTPs.?

With regards

Marvin Rhoads · ‎07-13-2015

When you browse to the ASA (via https://<ASA address>/admin), what do you get?

aleksandarsofranic · ‎07-13-2015

This is what i get

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Marvin Rhoads · ‎07-13-2015

You should be able to connect using AES-256. I think the problem is your ASA is not negotiating to TLSv1 or greater and thus your browser is refusing the SSLv3-only setup you have.

Try this in config mode:

ssl server-version tlsv1.2

aleksandarsofranic · ‎07-14-2015

Thank you for the quick reply. I will get back to you asap.

With regards

ASA 5510 SSL SERVER/CLIENT VERSION PROBLEM WITH OPENING IN BROWSER