cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2970
Views
0
Helpful
7
Replies

CRYPTO: The ASA hardware accelerator encountered an error (Invalid PKCS Type, Pad, or Length, code= 0x1B) while executing the command PKCS1 v1.5 RSA Decrypt (> 1024 bits) (0x102).

klaus.hacke
Level 1
Level 1

Hello,

does anybody seen this message and know how to solve?

Have a ASA 5555 with version 9.6(3)1 and this message comes up during I try to connect with Cisco AnyConnect Secure Mobility Client. Authentication Method is "Certificate" only.

Message from Cisco AnyConnect Secure Mobility Client is "No valid certificates available for authentication".

Regards

Klaus

7 Replies 7

Greg Gizinski
Level 1
Level 1
Did you resolve this issue? We're seeing the same thing.

Hi, can you please share "sh run all ssl" output from your ASA.

ssl server-version tlsv1.1
ssl client-version tlsv1.1
ssl cipher default fips
ssl cipher tlsv1 fips
ssl cipher tlsv1.1 fips
ssl cipher tlsv1.2 fips
ssl cipher dtlsv1 fips
ssl dh-group group2
ssl ecdh-group group19
ssl trust-point ASDM_TrustPoint0 EXTERNAL
ssl trust-point ASDM_TrustPoint0 INTERNAL
ssl certificate-authentication fca-timeout 2

Do you face any issue connecting to Any-connect or you see these error logs only? Looking at the ciphers I see you should be able connect with any-connect.

Jesse Peden
Level 1
Level 1

I have a VERY similar error on mine, with a slight difference being that mine has the words "with CRT" and the last checksum is 0x202 instead of 102.  I'm running 9.8(4)8 on mine, so maybe the error is slightly more verbose.

 

"CRYPTO: The ASA hardware accelerator encountered an error (Invalid PKCS Type, Pad, or Length, code= 0x1B) while executing the command PKCS1 v1.5 RSA Decrypt with CRT (> 1024 bits) (0x202)"

That is not valid for my particular case.  The certificate used with AnyConnect is perfectly fine and is exactly the same certificate used on multiple webservers we have.  This is a bug, not an issue with a certificate.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: