cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
41070
Views
44
Helpful
14
Replies

Cisco ASA 5505 SSL/HTTPS/ASDM Won't work, Cipher fail

davebornack
Level 1
Level 1

Does my device not support enough encryption to get ASDM/SSL/HTTP working?

First time I've ever seen this...:

%ASA-7-609001: Built local-host inside:192.168.1.10
%ASA-7-609001: Built local-host identity:192.168.1.1
%ASA-6-302013: Built inbound TCP connection 13 for inside:192.168.1.10/61194 (192.168.1.10/61194) to identity:192.168.1.1/443 (192.168.1.1/443)
%ASA-6-725001: Starting SSL handshake with client inside:192.168.1.10/61194 for TLSv1 session.
%ASA-7-725010: Device supports the following 1 cipher(s).
%ASA-7-725011: Cipher[1] : DES-CBC-SHA
%ASA-7-725008: SSL client inside:192.168.1.10/61194 proposes the following 11 cipher(s).
%ASA-7-725011: Cipher[1] : DHE-DSS-AES256-SHA
%ASA-7-725011: Cipher[2] : AES256-SHA
%ASA-7-725011: Cipher[3] : DHE-RSA-AES256-SHA
%ASA-7-725011: Cipher[4] : DHE-RSA-AES128-SHA
%ASA-7-725011: Cipher[5] : DHE-DSS-AES128-SHA
%ASA-7-725011: Cipher[6] : RC4-MD5
%ASA-7-725011: Cipher[7] : RC4-SHA
%ASA-7-725011: Cipher[8] : AES128-SHA
%ASA-7-725011: Cipher[9] : EDH-RSA-DES-CBC3-SHA
%ASA-7-725011: Cipher[10] : EDH-DSS-DES-CBC3-SHA
%ASA-7-725011: Cipher[11] : DES-CBC3-SHA
%ASA-7-725014: SSL lib error. Function: SSL3_GET_CLIENT_HELLO Reason: no shared cipher
%ASA-6-302014: Teardown TCP connection 13 for inside:192.168.1.10/61194 to identity:192.168.1.1/443 duration 0:00:00 bytes 7 TCP Reset by appliance
%ASA-7-609002: Teardown local-host inside:192.168.1.10 duration 0:00:00
%ASA-7-609002: Teardown local-host identity:192.168.1.1 duration 0:00:00

14 Replies 14

Panos Kampanakis
Cisco Employee
Cisco Employee