AnyConnect FIPS problem
11-28-2018 10:17 AM - edited 02-21-2020 09:31 PM
Hi All,
I am using AnyConnect client 4.6 and trying to use ECDSA certificates. I've enabled FIPS mode in the local policy, but the client will not select any ECDSA certs in the store; if I put an RSA cert in, it will let me choose it. I'm not convinced that FIPS mode is working. The Cisco docs mentioned registry keys that would be modified when FIPS is enabled, but this doesn't seem to be the case. I have tried on multiple machines, Win7 and 10.
If I use the browser to connect to the ASA clientless, it uses the ECDSA cert, so it seems to be a client issue.
Has anyone experienced this?
Any suggestions appreciated.
11-28-2018 10:43 AM
AnyConnect currently only supports ECDSA Client certificates for IKEv2. SSL/TLS will be supported in the 4.7 release tentative for sometime in December 2018.
Are you testing this with IKEv2, or SSL?
11-28-2018 01:27 PM
Hi, many thanks for the reply.
We are using SSL, and did at first think it was unsupported, but in the ‘Enable FIPS in the Local Policy’ chapter of the 4.6 guide, it’s been edited to add ‘Suite B cryptography is available for TLS/DTLS and IKEv2/IPsec VPN connections’ and the TLS/DTLS limitations section has been removed. I assumed this meant SSL was now supported in 4.6. Is this not the case then?
11-28-2018 09:50 PM
Many thanks.
11-29-2018 05:56 AM
Hi,
I work for the AnyConnect escalation team so I have access to the release info.
Thanks,
Steve S.
