Preview Tool

Cisco Bug: CSCum63371 - ENH: Allow configurable HMAC and encryption algorithms on ASA SSH server

Last Modified

Apr 17, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.2(1) 9.2(3.4) 9.5(2.6)

Description (partial)

The Cisco ASA SSH server is not configurable as to encryption and HMAC algorithms.  Since 8.4.4, certain versions are able to use the 'ssh key-exchange group' command to use different key exchange algorithms, but the encryption and HMAC algorithms are still not configurable.  Some customers claim that this is causing them to fail security audits.

Normal operation

Related Community Discussions

Disable CBC mode and MD5 MAC algorithms
I'm running a 5515 ASA with version 9.4(2)6 and due to a report created after a recent pen test, I've been requested to disable CBC mode and MD5 MAC algorithms on my security appliance. After much searching on the web and using both ASDM and the CLI, I can't seem to figure out how to disable these.  Any help is appreciated.  Thanks.
Latest activity: Aug 23, 2016
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.