Does ACE service module support SHA2(256) certificates

Answered Question
Sep 2nd, 2010

Hello,

Does anyone know if the ACE service module supports SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option; also, the cipher suites in the SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00.

Correct Answer
litrenta Thu, 09/02/2010 - 11:37

Not supported on ACE. There are plans for SHA2 support specifically for verification of certificates signed with SHA2 family algorithms (SHA224 through 512) on the ACE 30 module coming out later this year. This will not be supported on current ACE modules.

guilty_2 Thu, 09/02/2010 - 23:15

Hmmm... that's not very encouraging. I expected that it would at least be supported in software. Thanks for replying.

guilty_2 Fri, 09/03/2010 - 02:38

Just received a reply on my TAC:

SHA-2 support will not be added to either of the A2 or A3 code trains. However, in the next release (4.x) we will be adding SHA2 support specifically for verification of certificates signed with SHA2 family algorithms (SHA224 through 512). The current ETA for this code version is Q4CY 2010 (ie: between now and Christmas).

litrenta Fri, 09/03/2010 - 04:58

Correct. Note that 4.x software will not run on the current ACE modules, only on the new ACE 30 modules coming out at the same time, and on the existing ACE appliance.

paulgilbody Mon, 11/14/2011 - 07:46

I can't find any updates on this - can someone advise if the ACE 4710 can or will support SHA-2 now or in the near future? Specifically SHA-512?

Thanks

litrenta Mon, 11/14/2011 - 11:17

ACE 4710 running A4 code supports sha-512 for verification of certs signed with this algorithm. It does not support negotiation of sha-2 cipher specs in ssl termination.
