SSL VPN users only connect on Protocol Encryption RC4 - why?

Unanswered Question
Jul 28th, 2008

My Clientless SSL VPN users only connect to my ASA on RC4 protocol encryption, is this ok? I want them to connect on AES 256 but they can't.

Actually 3DES-168 seems to work as well.


a.alekseev Mon, 07/28/2008 - 05:17

By default, rc4-sha1 takes precedence.

You can modify this behaviour with the command

"ssl encryption aes128-sha1 rc4-sha1 aes256-sha1 3des-sha1"

or use ASDM.

see the attachment

jamesgonzo Fri, 08/01/2008 - 04:50

I tried that, but I only ever connect at RC4-Sha1, even when I put it at the end.

Why is this please?

Farrukh Haroon Fri, 08/01/2008 - 06:23

It would depend on your browser, wouldn't it?

Which one are you using?

Also, what do you have checked under Tools >> Internet Options >> Advanced (SSL 2.0 / SSL 3.0)?



jamesgonzo Fri, 08/01/2008 - 06:42

I'm using IE7; under those options I have SSL 3.0 and TLS 1.0 selected.

In the ASDM I have Server SSL version set to any and Client SSL version set to any.

