04-20-2010 10:40 AM - edited 03-11-2019 10:35 AM
I'm trying to access my box ASA 5540 by https://ipaddress but I can't. I'm using Linux. I already have installed ASDM (when it works) and I can enter in the box by ASDM.
The Mozilla show the message: "Error code: ssl_error_no_cypher_overlap".
But I was looking and I did these tests.
OS | Internet Explorer 7 and 8 | Mozilla Firefox 3.6 | Google Chrome |
---|---|---|---|
Linux | doesn't work | doesn't work | doesn't work |
Windows XP | Works Fine | doesn't work | Works Fine |
Windows Vista / Windows 7 | doesn't work | doesn't work | doesn't work |
I've already clear all configuration of browsers, reboot the box, reboot the machines, re-generate a crypto key on ASA, enable and disable the http server and didn't work.
st02/sec/act# sh run http
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 external
st02/sec/act# sh run asdm
asdm image disk0:/asdm-625.bin
asdm history enable
Looking to ASA log it possible see:
6|Apr 20 2010|14:01:19|725001|192.168.100.100|35539|||Starting SSL handshake with client external:172.28.7.94/35539 for TLSv1 session.
Can anyone help with this situation.
Solved! Go to Solution.
04-20-2010 02:42 PM
Check the output of: sh run all ssl
Make sure you have all the combinations of ssl encryption algorithm as per the following:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1406272
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
04-20-2010 12:40 PM
Hi,
You might checked on this - but just incase, For Mozilla, I found the below...
https://support.mozilla.com/en-US/forum/1/585826
hth
MS
04-20-2010 02:42 PM
Check the output of: sh run all ssl
Make sure you have all the combinations of ssl encryption algorithm as per the following:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1406272
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
06-11-2010 12:06 PM
the command
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
solve the problem. Thanks!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: