Cannot connect to ASA using https

Answered Question
Apr 20th, 2010

I'm trying to access my ASA 5540 box at https://ipaddress but I can't. I'm using Linux. I have already installed ASDM (when it works) and I can get into the box through ASDM.

Mozilla shows the message: "Error code: ssl_error_no_cypher_overlap".

But I looked into it and ran these tests.

| OS | Internet Explorer 7 and 8 | Mozilla Firefox 3.6 | Google Chrome |
|---|---|---|---|
| Linux | doesn't work | doesn't work | doesn't work |
| Windows XP | Works Fine | doesn't work | Works Fine |
| Windows Vista / Windows 7 | doesn't work | doesn't work | doesn't work |

I've already cleared all browser configuration, rebooted the box, rebooted the machines, regenerated a crypto key on the ASA, and enabled and disabled the http server, and it didn't work.

st02/sec/act# sh run http
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 external

st02/sec/act# sh run asdm
asdm image disk0:/asdm-625.bin
asdm history enable

Looking at the ASA log, it is possible to see:

6|Apr 20 2010|14:01:19|725001|192.168.100.100|35539|||Starting SSL handshake with client external:172.28.7.94/35539 for TLSv1 session.

Can anyone help with this situation?

1 vote
Correct Answer by Jennifer Halim about 6 years 7 months ago

Check the output of: sh run all ssl

Make sure you have all the combinations of ssl encryption algorithms as per the following:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1406272

ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1

Overall Rating: 5 (2 ratings)
Fernando Patzlaff Fri, 06/11/2010 - 12:06

The command

ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1

solved the problem. Thanks!
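
An added example, not part of the original thread and not Cisco's code: a Python check that parses the `ssl encryption` line from `sh run all ssl` output and tests it for overlap with the ciphers a client offers, which is the condition behind ssl_error_no_cypher_overlap. The sample outputs, the DES-only starting configuration and the client offer are constructed assumptions; the cipher names are the ones in the answer above, mapped to their OpenSSL names.

```python
import re

# ASA cipher names from the accepted answer, mapped to their OpenSSL names.
ASA_TO_OPENSSL = {
    "3des-sha1": "DES-CBC3-SHA",
    "des-sha1": "DES-CBC-SHA",
    "rc4-md5": "RC4-MD5",
    "aes128-sha1": "AES128-SHA",
    "aes256-sha1": "AES256-SHA",
}
WEAK = {"des-sha1", "rc4-md5"}  # single DES and RC4/MD5: report if enabled

# Constructed sample outputs (assumption: the failing box offered only DES).
SAMPLE_BROKEN = "ssl server-version any\nssl encryption des-sha1\n"
SAMPLE_FIXED = ("ssl server-version any\n"
                "ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1\n")
# Constructed client offer: a browser that no longer offers single DES.
CLIENT_OFFER = {"AES256-SHA", "AES128-SHA", "DES-CBC3-SHA", "RC4-MD5"}


def parse_ssl_encryption(show_run_output):
    """Return the cipher names on the 'ssl encryption' line, in configured order."""
    for line in show_run_output.splitlines():
        match = re.match(r"\s*ssl encryption\s+(.+)$", line)
        if match:
            return match.group(1).split()
    return []


def audit(show_run_output, client_offer):
    """Compare the configured ciphers with the answer's list and a client offer."""
    configured = parse_ssl_encryption(show_run_output)
    server = [ASA_TO_OPENSSL[c] for c in configured if c in ASA_TO_OPENSSL]
    shared = [c for c in server if c in client_offer]
    return {
        "configured": configured,
        "missing": [c for c in ASA_TO_OPENSSL if c not in configured],
        "weak": [c for c in configured if c in WEAK],
        "unrecognized": [c for c in configured if c not in ASA_TO_OPENSSL],
        "shared": shared,
        # An empty intersection is what the browser reports as no cipher overlap.
        "handshake_possible": bool(shared),
    }


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BROKEN), ("after", SAMPLE_FIXED)):
        print(name, audit(text, CLIENT_OFFER))
```

Paste the real output of sh run all ssl in place of the samples; anything reported under "weak" is a candidate for removal once no client still depends on it.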
