Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1965
Views
0
Helpful
5
Replies

SSL Ciphers

Go to solution
Ma3n
Level 1
Level 1

‎02-07-2020 02:30 PM

hey everyone 

I have an FTD1010 Firewall with an ASA 9.13(1) installed on it 

am having a problem with my SSL VPN

I checked a little and I found that I have only one cipher which is DES-CBC-SHA

this is the output of my show SSL ciphers

Current cipher configuration:
default (low):
  DES-CBC-SHA
tlsv1 (low):
  DES-CBC-SHA
tlsv1.1 (low):
tlsv1.2 (low):
dtlsv1 (low):
dtlsv1.2 (low):

 

aren't there supposed to be more algorithms ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ma3n
Level 1
Level 1

‎02-11-2020 11:19 PM

hello everyone

 

i found the solution the moment that i connected the FTD to the Cisco Cloud for Licensing procedure the SSL Ciphers were available

 

thank you all for your help

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎02-07-2020 02:54 PM

Hi,

Does it permit you to change the SSL ciphers? If not what license do you have?

For example:-

 

ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default high
ssl cipher tlsv1.2 high
ssl dh-group group24

 HTH

0 Helpful

Go to solution
Ma3n
Level 1
Level 1
In response to Rob Ingram

‎02-07-2020 03:17 PM

yes it does permit and am waiting for my smart license
i have another ASA 5506X that already has the ssl ciphers with out even using the license.

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Ma3n

‎02-08-2020 07:51 PM

One of them was probably ordered with the "k8" SKU vs. "k9". The difference is that k9 includes strong ciphers from the factory image. With k8 you need to activate via licensing.

0 Helpful

Go to solution
marce1000
VIP
VIP

‎02-08-2020 12:49 AM

 

 - Available cipher sometimes also depend on software version being used and or later versions may provide extra ciphers.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
Ma3n
Level 1
Level 1

‎02-11-2020 11:19 PM

hello everyone

 

i found the solution the moment that i connected the FTD to the Cisco Cloud for Licensing procedure the SSL Ciphers were available

 

thank you all for your help

0 Helpful
Customers Also Viewed These Support Documents