
ASDM Encryption - Windows XP

Michael Judge
Level 1

Hi guys,

We are currently starting to change our remote access to SSL VPN. During testing I have noticed that XP will not work with the stronger encryption methods. It seems that it needs one of the two: RC4-SHA1 or 3DES-SHA1.

I have had a look around but can't find real definitive answers. Could you guys give me some tips on the advantages and disadvantages of the two, or let me know if I should just steer well clear of allowing these encryption methods to be used on our firewall?

Thanks for all your help,

MJ

Accepted Solutions

James Leinweber
Level 4

RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5.  E.g.

https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1.

-- Jim Leinweber, WI State Lab of Hygiene

2 Replies

Thanks, James, for the info. We are going to stick with 3DES-SHA1 for the next few months until XP support is dropped in June 2014.

Much appreciated,

MJ