SSL VPN users only connect on Protocol Encryption RC4 - why?

Unanswered Question
Jul 28th, 2008


My Clientless SSL VPN users only connect to my ASA on RC4 protocol encryption, is this ok? I want them to connect on AES 256 but they can't.

Actually 3DES-168 seems to work as well.


a.alekseev Mon, 07/28/2008 - 05:17

by default rc4-sha1 takes precedence

you can modify this behaviour by the command

"ssl encryption aes128-sha1 rc4-sha1 aes256-sha1 3des-sha1"

or use asdm

see the attachment

jamesgonzo Fri, 08/01/2008 - 04:50


I tried that but I only ever connect at RC4-Sha1, even when I put it at the end.

Why is this please?

Farrukh Haroon Fri, 08/01/2008 - 06:23

It would depend on your browser, wouldn't it?

Which one are you using?

Also what do you have checked under Tools >> Internet Options >> Advanced (SSL 2.0 / SSL 3.0 ?)



jamesgonzo Fri, 08/01/2008 - 06:42

I'm using IE7, under those options I have SSL 3.0, TLS 1.0 selected.

In the ASDM I have Server SSL version set to any and Client SSL version set to any.
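
Added example, not from any poster in this thread or from Cisco: a small model of how one cipher is chosen from the ASA's ordered `ssl encryption` list and the browser's offer, under either server or client preference. The client offers are constructed, and the thread does not establish which preference rule the ASA applies or which ciphers IE7 offers here.

```python
"""Added example: picking one cipher from a server list and a client offer."""

# Order taken from the `ssl encryption` command quoted in the thread.
ASA_ORDER = "aes128-sha1 rc4-sha1 aes256-sha1 3des-sha1".split()

# Constructed client offers (assumptions, not captured from a real browser).
CLIENT_NO_AES = ["rc4-sha1", "3des-sha1"]
CLIENT_WITH_AES = ["aes256-sha1", "aes128-sha1", "rc4-sha1", "3des-sha1"]


def negotiate(server_order, client_offer, honor="server"):
    """Return the first mutually supported cipher, or None if none is shared.

    honor="server": walk the server's list (server preference).
    honor="client": walk the client's list (client preference).
    """
    if honor not in ("server", "client"):
        raise ValueError("honor must be 'server' or 'client'")
    if honor == "server":
        first, second = server_order, client_offer
    else:
        first, second = client_offer, server_order
    allowed = set(second)
    return next((c for c in first if c in allowed), None)


def explain(server_order, client_offer):
    """Outcome under both policies, plus server ciphers the client never offered."""
    return {
        "server_pref": negotiate(server_order, client_offer, "server"),
        "client_pref": negotiate(server_order, client_offer, "client"),
        "not_offered_by_client": [c for c in server_order if c not in client_offer],
    }


if __name__ == "__main__":
    rc4_last = "aes128-sha1 aes256-sha1 3des-sha1 rc4-sha1".split()
    no_rc4 = "aes256-sha1 aes128-sha1 3des-sha1".split()
    orders = [("thread order", ASA_ORDER), ("rc4 last", rc4_last), ("rc4 removed", no_rc4)]
    offers = [("no-AES client", CLIENT_NO_AES), ("AES client", CLIENT_WITH_AES)]
    for label, order in orders:
        for name, offer in offers:
            print(label, "|", name, "|", explain(order, offer))
```

In this model, a session that stays on RC4 with `rc4-sha1` listed last fits client preference, and removing `rc4-sha1` from the list shows whether the client offers AES at all.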

