Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Does ACE service module support SHA2(256) certificates

Hello,

Does anyone know if ACE service module support SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option, also the cipher suites in SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Does ACE service module support SHA2(256) certificates

Not supported on ACE. There are plans for SHA2 support specifically for

verification of certificates signed with SHA2 family algorithms (SHA224
through 512) on the ACE 30 module coming out later this year. This will not be supported on current ACE modules.

6 REPLIES
Cisco Employee

Re: Does ACE service module support SHA2(256) certificates

Not supported on ACE. There are plans for SHA2 support specifically for

verification of certificates signed with SHA2 family algorithms (SHA224
through 512) on the ACE 30 module coming out later this year. This will not be supported on current ACE modules.

New Member

Re: Does ACE service module support SHA2(256) certificates

hmmm...thats not very encouraging. I expected that it would at least be supported in software. Thanks for replying

New Member

Re: Does ACE service module support SHA2(256) certificates

Just received a reply on my TAC:

SHA-2 support will not be added to either of the A2 or A3 code trains.
However,
In the next release (4.x) release we will be adding SHA2 support
specifically for verification of certificates signed with SHA2 family
algorithms (SHA224 through 512). The current ETA for this code version
is Q4CY 2010 (ie: between now and Christmas).

Cisco Employee

Re: Does ACE service module support SHA2(256) certificates

correct note that 4.x software will not run on the current ace modules, only on the new

ACE 30 modules coming out at the same time, and on the existing ACE appliance.

New Member

Does ACE service module support SHA2(256) certificates

I can't find any updates on this - can someone advise if the ACE 4710 can or will support SHA-2 now or in the near future? Specifically SHA-512?

Thanks

Cisco Employee

Does ACE service module support SHA2(256) certificates

ACE 4710 running A4 code supports sha-512 for verification of certs signed with this algorithm. It does not support negotiation of sha-2 cipher specs in ssl termination.

3603
Views
5
Helpful
6
Replies