3389 Views | 5 Helpful | 2 Replies

AnyConnect SSL VPN support for SHA2

sathish.ippani
Level 1

Hi Everyone,

Please let me know if we can use SHA2 for AnyConnect SSL VPN (client and clientless).

If we can use SHA2, please let me know how to configure the same.

We are using a certificate with SHA1, RSA 2048 key length.


2 Replies

ajiddima
Level 1

Hi,

SHA2 is supported from 8.2.5 onwards, check the release notes below:

http://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html

------Snippet from the link above-----

SSL SHA-2 digital signature

You can now use SHA-2 compliant signature algorithms to authenticate SSL VPN connections that use digital certificates. Our support for SHA-2 includes all three hash sizes: SHA-256, SHA-384, and SHA-512. SHA-2 requires AnyConnect 2.5(1) or later (2.5(2) or later recommended). This release does not support SHA-2 for other uses or products.

Caution: To support failover of SHA-2 connections, the standby ASA must be running the same image.

We modified the following command: show crypto ca certificate (the Signature Algorithm field identifies the digest algorithm used when generating the signature).

We did not modify any screens.

Also available in Version 8.2(5).
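The release note above says the `show crypto ca certificate` output now carries a Signature Algorithm field that identifies the digest used to sign the certificate. The same check can be done off-box before enrolling a certificate on the ASA. The following shell script is an added example, not part of this thread or of Cisco's documentation; it assumes the `openssl` command-line tool is installed and generates its own throwaway self-signed certificate as constructed test input (the CN `anyconnect-test` is made up).

```shell
#!/bin/sh
# Added example: report whether a PEM certificate was signed with SHA-1 or a
# SHA-2 digest, so you know if the SHA-2 support discussed above is what you need.
# Assumes the openssl CLI is available on the PATH.

# Map an X.509 signature algorithm name (as printed by openssl) to its digest family.
classify_sig_alg() {
    case "$1" in
        *sha256*|*SHA256*|*sha384*|*SHA384*|*sha512*|*SHA512*) echo "SHA-2" ;;
        *sha1*|*SHA1*|*md5*|*MD5*)                             echo "SHA-1/legacy" ;;
        *)                                                     echo "unknown" ;;
    esac
}

# Print the signature algorithm name of a PEM certificate file,
# e.g. sha256WithRSAEncryption. The first "Signature Algorithm" line in the
# text dump belongs to the certificate's own signature.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text | grep -m1 'Signature Algorithm' | awk '{print $3}'
}

# Print "<file>: <algorithm> (<family>)" for one certificate.
check_cert() {
    alg=$(cert_sig_alg "$1") || return 1
    printf '%s: %s (%s)\n' "$1" "$alg" "$(classify_sig_alg "$alg")"
}

# Constructed test input: a throwaway self-signed RSA-2048 certificate signed
# with the requested digest (sha256, sha384, ...). Usage: make_test_cert <digest> <outfile>
make_test_cert() {
    _dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$_dir/key.pem" -out "$2" \
        -subj "/CN=anyconnect-test" -days 1 "-$1" >/dev/null 2>&1
    _rc=$?
    rm -rf "$_dir"
    return $_rc
}

# Stand-alone demo: build a SHA-256 signed certificate and classify it.
demo_dir=$(mktemp -d)
make_test_cert sha256 "$demo_dir/sha256.pem" && check_cert "$demo_dir/sha256.pem"
rm -rf "$demo_dir"
```

To check a certificate you intend to install on the ASA, run `check_cert yourcert.pem`; an RSA 2048 certificate like the one in the original question will show `sha1WithRSAEncryption` and be reported as `SHA-1/legacy`, which is the case the release note's SHA-2 requirement (AnyConnect 2.5(1) or later, ASA 8.2.5 or later) addresses.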

ghostinthenet
Level 7

As @ajiddima has indicated, if you're running 8.2, the 8.2.5 release added support for SHA-2, but this was for AnyConnect SSL only. If you're running 8.3, there is no support at all and you should upgrade to 8.4.2, which supports SHA-2 for all applications. Same story if you're on 8.4.1. Anything newer than 8.4 and you're good.