Cisco ASA - TLS support

jose.garcia
Level 1

Hi community

Does anybody know which version of TLS is supported on release 8.4?

Thank you all.

Regards

Jose

8 Replies

ebeekman
Level 1

Hi,

All releases are still at the TLS1.0 version.

Edwin

Thank you very much Edwin.

Regards

Jose

Would you happen to know which version of ASA software started supporting TLS? I have a friend who is on version 7.02 and is having issues getting TLS to work and I'm trying to help him out. I've started by pointing him to a Smartnet vendor to get an upgrade but just curious when TLS was introduced to the ASA OS.

Thanks

Billy

Hi,

No, you will need 8.0(3).1 or later for that.

Edwin

How is that?

According to the command reference, 7.0 does support TLSv1:

http://www.cisco.com/en/US/partner/docs/security/asa/asa70/command/reference/s.html#wp1539932

BTW

Herbert

Yes, you are correct.

Cisco has contradictory documentation on that, but they highly recommend version 8 and higher:

"We highly recommend ASA 8.0(x) software release or later, but you can also use 7.2(x)."

http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html#wp147071

Edwin

Well, saying 7.0 is supported and 8.0 is recommended is not contradictory, right? :)

If you do spot any real contradictions let me know (or use the "provide feedback" link on the page where you find it).

BTW the sentence you quote is from the section "Apple IPsec and L2TP/IPsec Clients" so it does not apply to SSL/TLS. Having said that, I would personally recommend 8.0 or later indeed (for anything really).

Herbert

I would actually prefer to get him up on version 8 but need to check the min requirements. The 5510 he has only has 256Mb of RAM and 64Mb of flash. I had him disable esmtp inspect yesterday and he had some success in getting the request to partially work using www.checktls.com so he's thinking he needs a cert on his edge server to get it working. I think by disabling the esmtp inspect it corrected his problem or at least seems the FW is passing the traffic now.