cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
506
Views
0
Helpful
2
Replies

ASDM Encryption - Windows XP

Michael Judge
Level 1
Level 1

Hi guys,

We currently are starting to change our remote access to SSL VPN. During testing I have noticed that XP will not work with the stronger encryption methods. It seems that it needs one out of the two out of RC4-SHA1 or 3DES-SHA1.

I have had a look around but cant find real definitive answers. Could you guys give me some tips of advantages and disadvantages of the two or let me know if i should just steer well clear of allowing these encryption methods to be used on our firewall.

Thanks for all your help,

MJ

1 Accepted Solution

Accepted Solutions

James Leinweber
Level 4
Level 4

RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5.  E.g.

https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1.

-- Jim Leinweber, WI State Lab of Hygiene

View solution in original post

2 Replies 2

James Leinweber
Level 4
Level 4

RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5.  E.g.

https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1.

-- Jim Leinweber, WI State Lab of Hygiene

Thanks James for the info, we are going to stick with 3DES-SHA1 for the next few months until XP support is dropped in June 2014.

Much appreciated,

MJ

Review Cisco Networking for a $25 gift card