Showing results for 
Search instead for 
Did you mean: 
Cisco Community November 2020 Spotlight Award Winners

History of SSL / TLS encryption and Diffie Hellman on Cisco ASA 9.x




History of SSL / TLS 

9.7(x) No new encryption or cipher features 

9.6(x) No new encryption or cipher features 

9.5(x) No new encryption or cipher features 

9.4(2) Support for ECDHE- ECDSA ciphers in TLSv1.2

9.3(2) Support for TLSv1.2 is added. SSLv3 is depreciated.
9.1(2) & 8.4(4.1) Additional ephemeral Diffie-Hellman ciphers for SSL were added.


  • ASA OS 9.4(2) introduced support for twelve (12) new Diffie Hellman ciphers.  ssl ecdh-group command was added. ECDSA and DSE ciphers are the highest priority. 
  • ASA OS 9.3(2) and later have SSLv3 depreciated, however SSLv3 is still able to be configured but the ASA will display a warning. As of this writing SSLv3 should never be used. This version also introduced support for TLSv1.1 and TLSv1.2. SSL commands were modified and several new SSL commands were introduced. The command ssl encryption was depreciated.
  • ASA OS 9.1(2) & 8.4(4.1) introduced support for two (2) DHE ciphers. DHE-AES128-SHA1 DHE-AES256-SHA1


Time to renew your SSL cert?

Check out this document for how to create an ECDSA Key Pair and CSR. 

Check out this document for how to enable elliptical curve cipher suites on your ASA.



1.0March 2016Original Document
1.1April 22, 2017Updated for 9.5(x), 9.6(x) & 9.7(x)


Content for Community-Ad