Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

TLSv1.1 or 1.2 support on ASA 5540

Hi Team,

Currently we are using SSL3.0 of firewall for exposing one of the intranet portal to outside users. We want to enable TLSv1.1 or 1.2.

According to the output ssl server-version , we have only these options:

any, sslv3, sslv3-only, tlsv1, tlsv1-only.

our appliance is running following image :


Cisco Adaptive Security Appliance Software Version 8.2(5)

What measures have to be taken to subside this issue?






VIP Purple

It seems that the ASA is a

It seems that the ASA is a little behind in supporting the latest crypto. On my devices I configured "tls1-only" for the "ssl server-version" to make sure that no older SSL-versions are used. In addition to that I configured the ssl-cipers the following way:

ssl encryption dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1

But I'm pretty sure that the older 8.2(5) versions don't yet support the more modern dhe-crypto.

Community Member

@Karsten: Thanks for your

@Karsten: Thanks for your reply. How about version 9.0(2). Does that support this feature (TLSv1.1 or 1.2)



VIP Purple

no, it's not even in the 9.1

no, it's not even in the 9.1 (tested) or 9.2/9.3 (untested, but there are no changes documented).

It's still only TLSv1.0.

Community Member

ahh Thanks a lot ..I hope

ahh Thanks a lot ..I hope this gets fixed in the future releases.

VIP Purple

Hope is all that we can have

Hope is all that we can have ... ;-) Just remember that v1.2 is brand new, just six years old ... ;-) But I'm confident that sooner or later the ASA will support TLSv1.2.

Cisco Employee

TLSv1.2 is not supported in

TLSv1.2 is now supported starting ASA 9.3(2) release and above which is available now on CCO.


For your reference:




P.S.: Please rate the post if it helped or accept the reply as solution if answered.


Community Member

Thanks nikhil for the update.

Thanks nikhil for the update. Let me check the reference you shared :)
Cisco Employee

Hi,Glad I was able to help


Glad I was able to help.

Please mark the reply as 'Answered' and rate the post if it helped.


VIP Purple

But sadly, your ASA (and many

But sadly, your ASA (and many of mine) will not get this version. It's only available on the -X models.

CreatePlease to create content