
CRYPTO: The ASA hardware accelerator encountered an error (Invalid PKCS Type, Pad, or Length, code= 0x1B) while executing the command PKCS1 v1.5 RSA Decrypt (> 1024 bits) (0x102).

klaus.hacke
Level 1

Hello,

Has anybody seen this message and knows how to solve it?

I have an ASA 5555 with version 9.6(3)1, and this message comes up when I try to connect with the Cisco AnyConnect Secure Mobility Client. The authentication method is "Certificate" only.

The message from the Cisco AnyConnect Secure Mobility Client is "No valid certificates available for authentication".

Regards

Klaus

7 Replies

Greg Gizinski
Level 1
Did you resolve this issue? We're seeing the same thing.

Hi, can you please share the "sh run all ssl" output from your ASA?

ssl server-version tlsv1.1
ssl client-version tlsv1.1
ssl cipher default fips
ssl cipher tlsv1 fips
ssl cipher tlsv1.1 fips
ssl cipher tlsv1.2 fips
ssl cipher dtlsv1 fips
ssl dh-group group2
ssl ecdh-group group19
ssl trust-point ASDM_TrustPoint0 EXTERNAL
ssl trust-point ASDM_TrustPoint0 INTERNAL
ssl certificate-authentication fca-timeout 2

Do you face any issue connecting to AnyConnect, or do you see these error logs only? Looking at the ciphers, I see you should be able to connect with AnyConnect.

Jesse Peden
Level 1

I have a VERY similar error on mine, with a slight difference being that mine has the words "with CRT" and the last checksum is 0x202 instead of 102. I'm running 9.8(4)8 on mine, so maybe the error is slightly more verbose.

 

"CRYPTO: The ASA hardware accelerator encountered an error (Invalid PKCS Type, Pad, or Length, code= 0x1B) while executing the command PKCS1 v1.5 RSA Decrypt with CRT (> 1024 bits) (0x202)"

That is not valid for my particular case. The certificate used with AnyConnect is perfectly fine and is exactly the same certificate used on multiple webservers we have. This is a bug, not an issue with a certificate.