ASA - ASDM Cipher security levels

When configuring a Cisco ASA using ASDM, the SSL settings can be restricted to specific ciphers. This is done from either of the following menu locations:

  • Configuration --> Device Management --> Advanced --> SSL Settings
  • Configuration --> Remote Access VPN --> Advanced --> SSL Settings

Under the configuration of "Encryption", you can set the Cipher Security Level to one of the following settings:

  • All includes all ciphers, including NULL-SHA.
  • Low includes all ciphers, except NULL-SHA.
  • Medium (this is the default) includes all ciphers, except NULL-SHA, DES-CBC-SHA, RC4-MD5, RC4-SHA, and DES-CBC3-SHA.
  • Fips includes all FIPS-compliant ciphers, except NULL-SHA, DES-CBC-SHA, RC4-MD5, RC4-SHA, and DES-CBC3-SHA.
  • High includes only AES-256 with SHA-2 ciphers and applies only to TLS version 1.2.
  • Custom includes one or more ciphers that you specify in the Cipher algorithms/custom string box. This option provides you with full control of the cipher suite using OpenSSL cipher definition strings.
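
To check which levels are actually in force on a device, the sketch below audits the SSL lines of a saved configuration against the list above. It is an added example, not Cisco's code: it assumes the CLI form `ssl cipher <version> <level>` or `ssl cipher <version> custom "<string>"`, and the function names, the `REVIEW-KEYWORD` marker and the sample configuration are constructed for illustration.

```python
import re

# Ciphers the list above excludes from Medium and up, and which levels still permit them.
WEAK = ("NULL-SHA", "DES-CBC-SHA", "RC4-MD5", "RC4-SHA", "DES-CBC3-SHA")
LEVEL_PERMITS = {"all": set(WEAK), "low": set(WEAK) - {"NULL-SHA"},
                 "medium": set(), "fips": set(), "high": set()}
# Assumed CLI form: ssl cipher <version> <level>  or  ... custom "<string>"
LINE_RE = re.compile(r'^[ \t]*ssl cipher (\S+) (?:custom "([^"]*)"|(\w+))[ \t]*$', re.M)


def weak_in_custom(cipher_string):
    """Return weak cipher names and unexpanded keywords found in a custom string."""
    hits = []
    for token in cipher_string.split(":"):
        token = token.strip()
        if not token or token[0] in "!-":   # exclusions cannot enable a cipher
            continue
        token = token.lstrip("+")
        if token in WEAK:
            hits.append(token)
        elif "-" not in token:              # heuristic: keyword such as ALL
            hits.append("REVIEW-KEYWORD:" + token)
    return hits


def audit_ssl_ciphers(config_text):
    """Return (version, setting, hits) for every line that needs attention."""
    findings = []
    for version, custom, level in LINE_RE.findall(config_text):
        if level:
            setting = level.lower()
            hits = sorted(LEVEL_PERMITS.get(setting, {"UNKNOWN-LEVEL"}))
        else:
            setting, hits = "custom", weak_in_custom(custom)
        if hits:
            findings.append((version, setting, hits))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """ssl cipher default medium
ssl cipher tlsv1 low
ssl cipher tlsv1.1 custom "AES256-SHA:RC4-SHA:!NULL-SHA"
ssl cipher tlsv1.2 high
ssl cipher dtlsv1 custom "ALL:!DES-CBC-SHA"
"""

if __name__ == "__main__":
    for version, setting, hits in audit_ssl_ciphers(SAMPLE):
        print(f"{version:8} {setting:7} flag: {', '.join(hits)}")
```

Keywords in a custom string are not expanded here; a `REVIEW-KEYWORD` hit means the string has to be evaluated by hand against the OpenSSL cipher definition rules.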

Links:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/asdm74/vpn/asdm-74-vpn-config/vpn-asdm-ssl.html#ID-2215-00000005