Discovered tonight that Cisco’s AnyConnect SSL VPN client, when used in Vista, must be doing something with TLS instead of pure SSL. How do I know this?

Had a Vista PC that could log into one ASA just fine but would always bomb on another. It would fail with something like “SSL Engine has failed”. I finally discovered the difference between the ASAs.

The failing one had “ssl server-version sslv3”.  This effectively limited it to SSLv2 startup and SSLv3 running.  Or the other way around, can’t remember.  By switching it to “ssl server-version all” it began working.  There’s an option for making it TLS only as well but I don’t know if that would break the XP installations out there.
