×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Support for DHE on SSL in AnyConnect 3.1?

Unanswered Question
Jul 29th, 2013
User Badges:

Hello everyone,


I found the following statement in the Cisco ASA 5500 Series Configuration Guide using the CLI.


"Some clients may not support DHE, including AnyConnect 2.5 and 3.0, Cisco Secure Desktop, and Internet Explorer 9.0."


I wonder, did this change in AnyConnect 3.1? Does AnyConnect 3.1 support DHE on SSL connections?


Thanks and kind regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Marcin Latosiewicz Mon, 07/29/2013 - 04:25
User Badges:
  • Cisco Employee,

We added DHE support in ASA 8.4.4 (AFAIR) 9.1.2, but it's still not in on Anyconnect even in 3.1, at least the internal enhancement request is not fulfilled.


If I may know, where is this quesiton coming from? We added Suite-B support to both AC and ASA (and IOS), I have not seen DHE mandated anywhere (granted I have limited visibility).


http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp685480

kschultz Wed, 10/29/2014 - 08:58
User Badges:

What is the status of this support? Has DHE support been added to Anyconnect or not?

If not, is it on the roadmap to get fulfilled any time soon?

 

Marcin Latosiewicz Wed, 10/29/2014 - 09:16
User Badges:
  • Cisco Employee,

You might want to reach out to your SE for commitment/confirmation. 

From what I know it going to end up with TLS 1.2 support in next big release (4.0?)

Actions

This Discussion