Cisco Bug: CSCum96204 - ASA cluster - RSA key size 4096 bits is not replicated cluster members

Last Modified

Nov 27, 2020

Products (2)

  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

9.1(3) 9.1(4)

Description (partial)

Symptom:
Normally, an RSA key generated on the cluster master is replicated to all slave units. This does not happen when the key size is 4096 bits.

ciscoasa#cluster exec show crypto key mypubkey rsa
ASA1(LOCAL):**********************************************************
Key pair was generated at: 13:51:07 UTC Feb 4 2014
Key name: Default-RSA-Key
 Usage: General Purpose Key
 Modulus Size (bits): 4096
 Key Data:



ASA2:*****************************************************************
ciscoasa#

Normal output (with a 2048-bit key):
ciscoasa#cluster exec show crypto key mypubkey rsa
ASA1(LOCAL):**********************************************************
Key pair was generated at: 13:48:44 UTC Feb 4 2014
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 2048
 Key Data:



ASA2:*****************************************************************
Key pair was generated at: 13:48:44 UTC Feb 4 2014
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 2048
 Key Data:

ciscoasa#

Conditions:
An RSA key of 4096 bits is configured.
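
A check for the symptom above, as an added example (not Cisco code and not part of the bug report): it parses `cluster exec show crypto key mypubkey rsa` output and reports units where a key present elsewhere in the cluster is missing or different. The sample text is constructed in the output format shown on this page, with placeholder key data; the function names are hypothetical.

```python
import re

# Constructed sample in the page's output format; key data is a placeholder.
SAMPLE = """\
ASA1(LOCAL):**********************************************************
Key pair was generated at: 13:51:07 UTC Feb 4 2014
Key name: Default-RSA-Key
 Usage: General Purpose Key
 Modulus Size (bits): 4096
 Key Data:

  aaaaaaaa bbbbbbbb 0001

ASA2:*****************************************************************
"""

UNIT_RE = re.compile(r"^(\S+?)(?:\(LOCAL\))?:\*{10,}\s*$")
NAME_RE = re.compile(r"^Key name:\s*<?([^<>]+?)>?\s*$")
SIZE_RE = re.compile(r"^\s*Modulus Size \(bits\):\s*(\d+)")
HEX_RE = re.compile(r"^\s+[0-9a-fA-F]{2,8}(?: [0-9a-fA-F]{2,8})*\s*$")

def parse_cluster_keys(text):
    """Return {unit: {key_name: [modulus_bits, key_hex]}} from cluster exec output."""
    units, unit, name = {}, None, None
    for line in text.splitlines():
        if m := UNIT_RE.match(line):          # per-unit banner starts a new section
            unit, name = m.group(1), None
            units[unit] = {}                  # a unit with no keys stays empty
        elif unit and (m := NAME_RE.match(line)):
            name = m.group(1)
            units[unit][name] = [0, ""]
        elif name and (m := SIZE_RE.match(line)):
            units[unit][name][0] = int(m.group(1))
        elif name and HEX_RE.match(line):     # accumulate the public key hex
            units[unit][name][1] += "".join(line.split())
    return units

def replication_gaps(units):
    """List (unit, key_name, reason) for keys missing or different on a unit."""
    gaps = []
    for name in sorted({n for keys in units.values() for n in keys}):
        ref = next(k[name] for k in units.values() if name in k)
        for unit, keys in units.items():
            if keys.get(name) != ref:
                gaps.append((unit, name, "mismatch" if name in keys else "missing"))
    return gaps

if __name__ == "__main__":
    print(replication_gaps(parse_cluster_keys(SAMPLE)))
```

Comparing the key data as well as the name catches a unit that holds a key under the same name but with different contents, not only a unit with no key at all.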