Determine the OpenSSL Cipher Suite Used by your ASA

Use this procedure to identify the OpenSSL cipher suite being used by your ASA. If the cipher suite named in the command output is not in the list of supported cipher suites, the SDC doesn't support that cipher suite and you will need to update the cipher suites on your ASA.

Procedure

Step 1

Open a console window on a computer that can reach the SDC.

Step 2

Connect to your SDC using SSH. You can log in as a regular user such as CDO or SDC or some other user you created. You don't need to be logged in as root.

Tip

To find your SDC IP address:

  1. Open CDO.

  2. From the user menu, select Secure Device Connectors.

  3. Click the SDC displayed in the table. The IP address of the SDC is displayed in the details pane for the device.

Step 3

At the command prompt enter: openssl s_client -showcerts -connect ASA_IP_Address:443

Step 4

Look for these lines in the command output.

New, TLSV1/SSLv3, Cipher is DES-CB3-SHA 
or 
SSL-Session:
            Protocol: TLSv1.2 
            Cipher: DES-CB3-SHA

In this example, the cipher suite being used by the ASA is DES-CB3-SHA.