09-23-2011 11:27 AM
Hi community
Does anybody know which version of TLS is supported on release 8.4?
Thank you all.
Regards
Jose
09-28-2011 10:56 PM
Hi,
All releases are still at the TLS1.0 version.
Edwin
09-29-2011 05:03 AM
Thank you very much Edwin.
Regards
Jose
10-17-2011 10:35 AM
Would you happen to know which version of ASA software started supporting TLS? I have a friend who is on version 7.02 and is having issues getting TLS to work and I'm trying to help him out. I've started by pointing him to a Smartnet vendor to get an upgrade but just curious when TLS was introduced to the ASA OS.
Thanks
Billy
10-17-2011 09:09 PM
Hi,
No you will need 8.0(3).1 or later for that.
Edwin
10-18-2011 02:38 AM
How is that?
According to the command reference, 7.0 does support TLSv1:
http://www.cisco.com/en/US/partner/docs/security/asa/asa70/command/reference/s.html#wp1539932
BTW
Herbert
10-18-2011 03:06 AM
Yes, you are correct.
Cisco has contradictory documentation on that, but they highly recommend version 8 and higher:
"We highly recommend ASA 8.0(x) software release or later, but you can also use 7.2(x)."
http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html#wp147071
Edwin
10-18-2011 03:29 AM
Well, saying 7.0 is supported and 8.0 is recommended is not contradictory, right? :)
If you do spot any real contradictions let me know (or use the "provide feedback" link on the page where you find it).
BTW the you sentence you quote is from the section "Apple IPsec and L2TP/IPsec Clients" so it does not apply to SSL/TLS. Having said that, I would personnaly recommend 8.0 or later indeed (for anything really ).
Herbert
10-18-2011 05:22 AM
I would actually prefer to get him up on version 8 but need to check the min requirements. The 5510 he has only has 256Mb of RAM and 64Mb of flash. I had him disable esmpt inspect yesterday and he had some success in getting the request to partially work using www.checktls.com so he's thinking he needs a cert on his edge server to get it working. I think by disabling the esmpt inspect it corrected his problem or at least seems the FW is passing the traffic now.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide