02-07-2020 02:30 PM
hey everyone
I have an FTD1010 Firewall with an ASA 9.13(1) installed on it
am having a problem with my SSL VPN
I checked a little and I found that I have only one cipher which is DES-CBC-SHA
this is the output of my show SSL ciphers
Current cipher configuration:
default (low):
DES-CBC-SHA
tlsv1 (low):
DES-CBC-SHA
tlsv1.1 (low):
tlsv1.2 (low):
dtlsv1 (low):
dtlsv1.2 (low):
aren't there supposed to be more algorithms ?
Solved! Go to Solution.
02-11-2020 11:19 PM
hello everyone
i found the solution the moment that i connected the FTD to the Cisco Cloud for Licensing procedure the SSL Ciphers were available
thank you all for your help
02-07-2020 02:54 PM
Hi,
Does it permit you to change the SSL ciphers? If not what license do you have?
For example:-
ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default high
ssl cipher tlsv1.2 high
ssl dh-group group24
HTH
02-07-2020 03:17 PM
yes it does permit and am waiting for my smart license
i have another ASA 5506X that already has the ssl ciphers with out even using the license.
02-08-2020 07:51 PM
One of them was probably ordered with the "k8" SKU vs. "k9". The difference is that k9 includes strong ciphers from the factory image. With k8 you need to activate via licensing.
02-08-2020 12:49 AM
- Available cipher sometimes also depend on software version being used and or later versions may provide extra ciphers.
M.
02-11-2020 11:19 PM
hello everyone
i found the solution the moment that i connected the FTD to the Cisco Cloud for Licensing procedure the SSL Ciphers were available
thank you all for your help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide