History of SSL / TLS
9.7(x) No new encryption or cipher features
9.6(x) No new encryption or cipher features
9.5(x) No new encryption or cipher features
9.4(2) Support for ECDHE- ECDSA ciphers in TLSv1.2
9.3(2) Support for TLSv1.2 is added. SSLv3 is depreciated.
9.1(2) & 8.4(4.1) Additional ephemeral Diffie-Hellman ciphers for SSL were added.
- ASA OS 9.4(2) introduced support for twelve (12) new Diffie Hellman ciphers. ssl ecdh-group command was added. ECDSA and DSE ciphers are the highest priority.
- ASA OS 9.3(2) and later have SSLv3 depreciated, however SSLv3 is still able to be configured but the ASA will display a warning. As of this writing SSLv3 should never be used. This version also introduced support for TLSv1.1 and TLSv1.2. SSL commands were modified and several new SSL commands were introduced. The command ssl encryption was depreciated.
- ASA OS 9.1(2) & 8.4(4.1) introduced support for two (2) DHE ciphers. DHE-AES128-SHA1 DHE-AES256-SHA1
Time to renew your SSL cert?
Check out this document for how to create an ECDSA Key Pair and CSR.
Check out this document for how to enable elliptical curve cipher suites on your ASA.
Revisions
Version | Date | Change |
1.0 | March 2016 | Original Document |
1.1 | April 22, 2017 | Updated for 9.5(x), 9.6(x) & 9.7(x) |