Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1508
Views
0
Helpful
8
Replies

No option to enable SHAv2

WIN PHYO AUNG
Level 1
Level 1

‎12-08-2014 03:10 AM - edited ‎03-07-2019 09:48 PM

Hi,

 

I am checking if my ASA support for the SHAv2. But I couldn't find any option to choose for SHAv2 for the encryption algorithm.

Anyone could suggest how to check if ASA can support SHAv2 and how to enable it?

 

ASA version is 8.4(7)22

 

 

 

Thanks

Labels:
0 Helpful
8 Replies 8

Karsten Iwen
VIP
VIP

‎12-08-2014 04:28 AM

The usage of SHA2 was defined in the TLS1.2 specification which is not yet supported on the ASA. So the best that can be done today is the specification of the tls-version and cipher-string in the following way:

ssl server-version tlsv1-only
ssl encryption dhe-aes256-sha1 aes256-sha1

or, as AES128 is also considered secure:

ssl server-version tlsv1-only
ssl encryption dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1

 

This is all for SSL/TLS. For IPsec IKEv2, SHA2 is supported.

0 Helpful

InayathUlla Sharieff
Cisco Employee
Cisco Employee
In response to WIN PHYO AUNG

‎12-08-2014 11:11 PM

https://supportforums.cisco.com/discussion/12070851/cisco-asa-5510-sha-2

 

 

0 Helpful

WIN PHYO AUNG
Level 1
Level 1
In response to InayathUlla Sharieff

‎12-10-2014 01:41 AM

Thanks for sharing InayathUlla Sharieff.

 

Does anyone know if any of existing ASA IOS versions (8.4.x or 9.x) supports TLS v1.2 for SSL?

 

0 Helpful

Karsten Iwen
VIP
VIP
In response to Karsten Iwen

‎12-18-2014 12:50 AM

Just to add:

I would expect that ASA version 9.3.2 will support SHA2 for TLS because starting with that version TLS 1.2 should be supported. This is documented in the AnyConnect 4 release-notes for Android:

TLS 1.2

AnyConnect 4.0 now supports TLS version 1.2 with the following additional cipher suites: 

  • DHE-RSA-AES256-SHA256 
  • DHE-RSA-AES128-SHA256 
  • AES256-SHA256 
  • AES128-SHA256 

Note

AnyConnect TLS 1.2 requires a secure gateway that also supports TLS 1.2, this will be available in ASA 9.3.2 and later. 

0 Helpful

WIN PHYO AUNG
Level 1
Level 1
In response to Karsten Iwen

‎12-18-2014 07:36 PM

Hi Karsten Iwen,

 

Thanks a lot. It helped me a lot.

 

Thanks

Win

0 Helpful

Karsten Iwen
VIP
VIP
In response to Karsten Iwen

‎12-19-2014 03:41 PM

And another addition:

v9.3(2) is available. From now on the ASA also supports TLS 1.2! That took quite long to get there ...

0 Helpful

WIN PHYO AUNG
Level 1
Level 1
In response to Karsten Iwen

‎12-21-2014 07:25 PM

Thanks Man!!!!
 

0 Helpful
Customers Also Viewed These Support Documents