TLSv1.1 or 1.2 support on ASA 5540

Hi Team,

Currently we are using SSL 3.0 on the firewall for exposing one of the intranet portals to outside users. We want to enable TLSv1.1 or 1.2.

According to the output of ssl server-version, we have only these options:

any, sslv3, sslv3-only, tlsv1, tlsv1-only.

Our appliance is running the following image:

Cisco Adaptive Security Appliance Software Version 8.2(5)

What measures have to be taken to address this issue?

Regards,

HYD

9 Replies

It seems that the ASA is a little behind in supporting the latest crypto. On my devices I configured "tlsv1-only" for the "ssl server-version" to make sure that no older SSL versions are used. In addition to that I configured the SSL ciphers the following way:

ssl encryption dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1

But I'm pretty sure that the older 8.2(5) versions don't yet support the more modern dhe-crypto.
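Added example, not code from the thread or from Cisco: a small Python checker that scans a saved `show running-config` dump for the `ssl server-version` and `ssl encryption` lines discussed above and flags settings that still permit SSLv3 or enable weak ciphers. The keyword lists reflect the options named in this thread plus other cipher keywords from the same CLI family; the two sample configs are constructed for the example, and treating a missing `ssl server-version` line as the default `any` is an assumption.

```python
import re

# "ssl server-version" keywords available on ASA 8.2(5), as listed in the
# thread, mapped to whether that setting still lets a client negotiate SSLv3.
PERMITS_SSLV3 = {
    "any": True,         # SSLv3 hello; negotiates SSLv3 or TLSv1.0
    "sslv3": True,
    "sslv3-only": True,
    "tlsv1": False,      # TLSv1.0 hello; SSLv3 is not offered
    "tlsv1-only": False,
}

# "ssl encryption" keywords a defender should not leave enabled.
WEAK_CIPHERS = {
    "null-sha1": "no encryption at all",
    "des-sha1": "56-bit DES",
    "3des-sha1": "3DES, 64-bit block size",
    "rc4-md5": "RC4 with MD5",
    "rc4-sha1": "RC4",
}

SERVER_VERSION_RE = re.compile(r"^\s*ssl server-version\s+(\S+)", re.M)
ENCRYPTION_RE = re.compile(r"^\s*ssl encryption\s+(.+?)\s*$", re.M)

# Constructed sample configs (not taken from any real device).
SAMPLE_LEGACY = """\
hostname asa-legacy
ssl server-version any
ssl encryption rc4-sha1 3des-sha1 aes128-sha1
"""

SAMPLE_HARDENED = """\
hostname asa-hardened
ssl server-version tlsv1-only
ssl encryption dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1
"""


def parse_ssl_config(config: str) -> dict:
    """Extract the ssl server-version keyword and the ssl encryption cipher
    list from a running-config dump.  Assumption: when the version line is
    absent the ASA falls back to "any"; when the cipher line is absent the
    list is reported as empty."""
    m = SERVER_VERSION_RE.search(config)
    version = m.group(1).lower() if m else "any"
    m = ENCRYPTION_RE.search(config)
    ciphers = m.group(1).lower().split() if m else []
    return {"server_version": version, "ciphers": ciphers}


def audit_ssl_config(config: str) -> list:
    """Return (severity, message) findings for the SSL/TLS settings.
    'high' marks settings to change now; 'info' records the protocol ceiling
    of this image, which cannot be fixed by configuration alone."""
    settings = parse_ssl_config(config)
    findings = []
    version = settings["server_version"]
    if version not in PERMITS_SSLV3:
        findings.append(("high", f"unrecognised ssl server-version '{version}'"))
    elif PERMITS_SSLV3[version]:
        findings.append(("high", f"ssl server-version {version} still permits SSLv3; "
                                 "set tlsv1-only"))
    else:
        findings.append(("info", f"ssl server-version {version}: TLSv1.0 is the "
                                 "ceiling on this image; TLSv1.2 needs 9.3(2) or later"))
    for cipher in settings["ciphers"]:
        if cipher in WEAK_CIPHERS:
            findings.append(("high", f"weak cipher {cipher} enabled "
                                     f"({WEAK_CIPHERS[cipher]})"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("legacy", SAMPLE_LEGACY), ("hardened", SAMPLE_HARDENED)):
        print(f"== {name} ==")
        for severity, message in audit_ssl_config(cfg):
            print(f"[{severity}] {message}")
```

Feed it the output of `show running-config ssl` saved to a file; the point of the severity split is that a `tlsv1-only` line with a clean cipher list is the best this image can do, so the remaining gap (no TLS 1.1/1.2) is an upgrade item rather than a configuration item.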

@Karsten: Thanks for your reply. How about version 9.0(2)? Does that support this feature (TLSv1.1 or 1.2)?

Regards,

HYD

No, it's not even in 9.1 (tested) or 9.2/9.3 (untested, but there are no changes documented).

It's still only TLSv1.0.

Ahh, thanks a lot. I hope this gets fixed in the future releases.

Hope is all that we can have ... ;-) Just remember that v1.2 is brand new, just six years old ... ;-) But I'm confident that sooner or later the ASA will support TLSv1.2.

Nikhil Thakur
Cisco Employee

TLSv1.2 is now supported starting with the ASA 9.3(2) release and above, which is available now on CCO.

For your reference:

http://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html#pgfId-157788

HTH!

P.S.: Please rate the post if it helped or accept the reply as solution if answered.

Thanks, Nikhil, for the update. Let me check the reference you shared :)

Hi,

Glad I was able to help.

Please mark the reply as 'Answered' and rate the post if it helped.

But sadly, your ASA (and many of mine) will not get this version. It's only available on the -X models.
