Discovered tonight that Cisco's Anyconnect SSL VPN client when used in Vista must be doing something with TLS instead of pure SSL. How do I know this?
Had a Vista PC that could log into one ASA just fine but would always bomb on another. It would fail with something like the "SSL Engine has failed". I finally discovered the difference between the ASA's.
The failing one had "ssl server-version sslv3". This effectively limited it to SSLv2 startup and SSLv3 running. Or the other way around, can't remember. By switching it to "ssl server-version all" it began working. There's an option for making it TLS only as well but I don't know if that would break the XP installations out there.