Showing results for 
Search instead for 
Did you mean: 
Cisco Community November 2020 Spotlight Award Winners

ASA 5500-x: ASDM and other SSL function do not work out of the box




When  starting to configure a new ASA 5500-x platform running 8.6(1) code,  many of us have had issues running ASDM on the management port. The  browser does not load ASDM.



This is seen on ASA 5500-X boxes that have a factory config.



This seems to be caused by the pressense of the following config:


ssl encryption des-sha1

Most browsers will reject the SSL connection with that cipher choice.



First make sure that you have the correct license installed and then correct the config line:


no ssl encryption des-sha1
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
Community Member

I was stuck in my datacenter for over 2 hours trying to get this to work until I found this link.

Thank you!

It worked like a charm


Community Member

Thanks a billion, its almost embarassing how long i have been troubleshooting this issue.


This one caught me too. 30 minutes of head scratching.

Thanks for posting!

Community Member

Had this issue with a brand-new ASA-5505 right out of the box. This fix did the trick. Thank you.

ASDM v6.4(5)

ASA v8.2(5)

ciscoasa# sh ru ssl

ssl encryption des-sha1

ciscoasa# conf t

ciscoasa(config)# no ssl encryption des-sha1

ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

ciscoasa(config)# exit

ciscoasa# sh ru ssl

ciscoasa#        <---doesn't show anything, so it's assumed at default setting.


Wow, glad I found this one, I was going nuts thinking I did something wrong in the setup. Works!


works a treat thanks

THANK YOU !!!!!!!!!!!!! 

2 hours I thought I was going crazy , I appreciate the effort and the info

you are a life saver


Ahhh, thats why my Anyconnect doesnt work, and webvpn too.

Why the hell but cisco that crap on a ASA Box -> ssl encryption des-sha1

thanks, solution worked

Even while doing SSH, putty was giving an error attached.

Shouldnt Cisco upgrade the security levels in brand new asa boxes ?





Community Member

To me either...

I can't do work this, please, help me.

I have a new ASA5545-x, and I can't connect by SSL



I had a similar issue.


SSL encrytion is an old command so I made the following changes to get the ASDM to work when i  was reciving the following error: Received fatal alert: handshake_failure


no ssl cipher tlsv1.2 high

ssl cipher tlsv1.2 fips ( I actually used custom but changing it to fips first)


Thanks a lot for this finding. I faced the same issue.

Content for Community-Ad