How to fix Cisco ASA HTTP server CIPHER_MISMATCH error

If you’re going to use the ASA ASDM interface, then you’ll need to enable the HTTP server. After running “http server enable”, you may find that you’re unable to connect to the ASA web interface with your web browser. You may see an error similar to the following:

Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.

This is because the ASA may not have an encryption cipher suite that is compatible with your browser. You can verify by running the following command:

ciscoasa(config)# sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption des-sha1

To correct this, we’ll need to complete the encryption map. I removed des-sha1 since it’s often not used:

ciscoasa(config)# ssl encryption 3des-sha1 aes128-sha1 aes256-sha1

That should correct the issue, and you should be able to view the ‘admin’ web page.
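
An offline check of the same thing, added here as an example and not part of the original post: it reads pasted "sh run all ssl" output and reports whether the "ssl encryption" list contains any of the three ciphers the fix enables. The function names and the AFTER sample are constructed for illustration, and treating des-sha1 as the cipher browsers refuse follows the post's diagnosis.

```python
import re

# Cipher names exactly as they appear in this post. Treating des-sha1 as the
# cipher browsers refuse follows the post's diagnosis (an assumption here).
REJECTED = {"des-sha1"}
FIX_SET = {"3des-sha1", "aes128-sha1", "aes256-sha1"}
PROMPT = re.compile(r"^\S*[#>]\s+")  # e.g. "ciscoasa(config)# "

# Output quoted in the post, then constructed output for after the fix.
BEFORE = """ciscoasa(config)# sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption des-sha1"""
AFTER = """ciscoasa(config)# sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1"""


def parse_ssl_encryption(show_output):
    """Return the ciphers on the last 'ssl encryption' line, or None."""
    ciphers = None
    for raw in show_output.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if words[:2] == ["ssl", "encryption"]:
            ciphers = [w.lower() for w in words[2:]]
    return ciphers


def audit(show_output):
    """Classify pasted 'sh run all ssl' output against the post's fix."""
    ciphers = parse_ssl_encryption(show_output)
    if ciphers is None:
        return {"status": "no-ssl-encryption-line"}
    usable = [c for c in ciphers if c in FIX_SET]
    rejected = [c for c in ciphers if c in REJECTED]
    other = [c for c in ciphers if c not in FIX_SET | REJECTED]
    if usable:
        status = "ok"
    elif other:
        status = "needs-review"  # names this post does not cover
    else:
        status = "mismatch"      # only des-sha1, or an empty list
    return {"status": status, "usable": usable,
            "rejected": rejected, "unrecognised": other}


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text))
```

A result of "ok" with a non-empty "rejected" list means des-sha1 is still configured alongside the stronger ciphers.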
