sorry , is this mean it is supported in this version only or it is also supported in above versions (for example, 9.x)?

It is supported in all the versions above 8.4.X releases.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

but I can see only sha1 available in SSL encryption algorithms , is there command to enable it?

What version of code is your ASA5500 running?

I have this on an ASA running 9.1(5)

protocol esp integrity sha-512 sha-384 sha-256 sha-1 md5

HTH

Rick

but this refer to IPSEC , I am talking about SSL VPN with Anyconnect.
 

This is from a different router and shows SHA256 for SSL

sho ssl cipher high
  ECDHE-ECDSA-AES256-GCM-SHA384 (tlsv1.2)
  ECDHE-RSA-AES256-GCM-SHA384 (tlsv1.2)
  DHE-RSA-AES256-GCM-SHA384 (tlsv1.2)
  AES256-GCM-SHA384 (tlsv1.2)
  ECDHE-ECDSA-AES256-SHA384 (tlsv1.2)
  ECDHE-RSA-AES256-SHA384 (tlsv1.2)
  DHE-RSA-AES256-SHA256 (tlsv1.2)
  AES256-SHA256 (tlsv1.2)

HTH

Rick

Yes, but from ASA I can see sha1 only.

What version of code is your ASA running?

HTH

Rick

9.1.5

Hello,

I was just wondering if you had any chance of getting that fixed. I am running ASA ver 9.1 and have the same issue

Hi

Per this link you need to upgrade your ios at least to 9.3 and then following commands will fix your issue:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/release/notes/asarn93.html

ssl server-version tlsv1.2
ssl client-version tlsv1.2

ssl cipher tlsv1.2 custom "AES128-SHA DHE-RSA-AES128-SHA AES256-SHA DHE-RSA-AES256-SHA AES128-SHA256 DHE-RSA-AES128-SHA256 AES256-SHA256 DHE-RSA-AES256-SHA256"

I found out my problem was that our SSL certs were not being generated correctly.  Once the cert was set for SHA-256, and imported the ASA, the ASA displayed the correct algorithm.