Cisco Cisco ASA 5580 Adaptive Security Appliance Guia De Resolução De Problemas
There are two solutions for this mismatch.
Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the
commands used in this section.
commands used in this section.
Solution 1
On the master ASA, add des−sha1 as a valid SSL cipher suite:
ASA1/master# configuration terminal
ASA1/master(config)# ssl encryption des−sha1
Note: Cisco does not recommend that you enable des−sha1 because it is a weak cipher and is considered
vulnerable.
vulnerable.
Solution 2
On the slave ASA, add at least one of these SSL cipher suites: rc4−sha1, aes128−sha1, aes256−sha1, or
3des−sha1:
3des−sha1:
ASA2/ClusterDisabled# configuration terminal
ASA2/ClusterDisabled(config)# ssl encryption rc4−sha1
Related Information
Cisco ASA Series CLI Configuration Guide, 9.0
•
Technical Support & Documentation − Cisco Systems
•
Updated: May 09, 2013
Document ID: 116108