08-18-2015 01:24 AM
Hello,
I am searching for SHA-256 support in SSL VPN for the Cisco ASA. What is the supported model/software, as I can't see it in the available encryption algorithms in ASA 5500?
Thanks,
Ibrahim
08-18-2015 01:55 AM
Hi Ibrahim,
Referencing release notes for ASA http://goo.gl/RQpDLC :-
The SSL SHA-2 digital signature capability for authentication of AnyConnect SSL VPN sessions (Versions 2.5.1 and above) is not currently supported on ASA Version 8.2.4, yet it is supported in all 8.2.4.x interim releases. The feature was introduced in ASA interim Version 8.2.3.9.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
08-18-2015 02:23 AM
Sorry, does this mean it is supported in this version only, or is it also supported in the versions above (for example, 9.x)?
08-18-2015 02:28 AM
It is supported in all the versions above 8.4.X releases.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
08-18-2015 06:29 AM
But I can see only sha1 available in the SSL encryption algorithms. Is there a command to enable it?
08-18-2015 07:51 AM
What version of code is your ASA5500 running?
I have this on an ASA running 9.1(5)
protocol esp integrity sha-512 sha-384 sha-256 sha-1 md5
HTH
Rick
08-18-2015 08:08 AM
But this refers to IPSEC; I am talking about SSL VPN with AnyConnect.
08-18-2015 08:52 AM
This is from a different router and shows SHA256 for SSL
sho ssl cipher high
ECDHE-ECDSA-AES256-GCM-SHA384 (tlsv1.2)
ECDHE-RSA-AES256-GCM-SHA384 (tlsv1.2)
DHE-RSA-AES256-GCM-SHA384 (tlsv1.2)
AES256-GCM-SHA384 (tlsv1.2)
ECDHE-ECDSA-AES256-SHA384 (tlsv1.2)
ECDHE-RSA-AES256-SHA384 (tlsv1.2)
DHE-RSA-AES256-SHA256 (tlsv1.2)
AES256-SHA256 (tlsv1.2)
HTH
Rick
08-18-2015 08:54 AM
Yes, but from ASA I can see sha1 only.
08-18-2015 08:57 AM
What version of code is your ASA running?
HTH
Rick
08-18-2015 09:09 AM
9.1.5
01-18-2016 11:12 AM
Hello,
I was just wondering if you had any chance of getting that fixed. I am running ASA ver 9.1 and have the same issue.
05-25-2017 11:20 AM
Hi
Per this link, you need to upgrade your IOS to at least 9.3, and then the following commands will fix your issue:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/release/notes/asarn93.html
ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher tlsv1.2 custom "AES128-SHA DHE-RSA-AES128-SHA AES256-SHA DHE-RSA-AES256-SHA AES128-SHA256 DHE-RSA-AES128-SHA256 AES256-SHA256 DHE-RSA-AES256-SHA256"
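An added example, not part of the original post: a short Python check that reads the custom cipher string quoted above and separates the suites whose record MAC is still HMAC-SHA-1 from the SHA-2 ones. It assumes OpenSSL-style suite names as shown in this thread; the function names are hypothetical, and the suite hash it reports is separate from the hash used to sign the ASA's certificate.

```python
# Cipher string copied from the post above (OpenSSL-style suite names).
CUSTOM = (
    "AES128-SHA DHE-RSA-AES128-SHA AES256-SHA DHE-RSA-AES256-SHA "
    "AES128-SHA256 DHE-RSA-AES128-SHA256 AES256-SHA256 DHE-RSA-AES256-SHA256"
)

# Trailing token of a suite name -> hash it refers to.
HASHES = {"MD5": "MD5", "SHA": "SHA-1", "SHA256": "SHA-256", "SHA384": "SHA-384"}


def classify(suite):
    """Return (role, hash) for one OpenSSL-style TLS 1.2-or-earlier suite name.

    role is "hmac" when the trailing hash is the record MAC (CBC suites),
    or "prf" when the suite is AES-GCM: GCM authenticates records itself
    and the trailing hash only names the TLS 1.2 PRF.
    """
    parts = suite.upper().split("-")
    tag = parts[-1]
    if tag not in HASHES:
        raise ValueError(f"unrecognised hash suffix in {suite!r}")
    role = "prf" if "GCM" in parts else "hmac"
    return role, HASHES[tag]


def split_by_mac(cipher_string):
    """Split a space-separated cipher string into (legacy_mac, sha2) lists.

    legacy_mac holds suites whose record MAC is HMAC-SHA-1 or HMAC-MD5;
    everything else (HMAC-SHA-2 and GCM suites) goes into sha2.
    """
    legacy, sha2 = [], []
    for suite in cipher_string.split():
        role, digest = classify(suite)
        if role == "hmac" and digest in ("SHA-1", "MD5"):
            legacy.append(suite)
        else:
            sha2.append(suite)
    return legacy, sha2


if __name__ == "__main__":
    legacy, sha2 = split_by_mac(CUSTOM)
    print("HMAC-SHA-1/MD5 suites still offered:", " ".join(legacy))
    print("SHA-2 suites:", " ".join(sha2))
```

Half of the suites in the quoted string still negotiate an HMAC-SHA-1 record MAC, so a client may see SHA-1 in the negotiated suite even after the commands are applied.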
11-13-2015 10:45 AM
Any update on this? Were you able to resolve it or set the SSL VPN to SHA-256? I have a similar issue.
01-18-2016 11:21 AM
I found out my problem was that our SSL certs were not being generated correctly. Once the cert was set for SHA-256 and imported into the ASA, the ASA displayed the correct algorithm.