However if we configure the ASA to support only a strong encryptuon algorithm (like AES256-SHA):
The communication will fail and we will see the following SYSLOG on the ASA:
%ASA-7-725014: SSL lib error. Function: ssl3_get_client_hello Reason: no shared cipher
And the following log on the CSM:
"Unable to communicate with the Device"
The Security Manager Server and the device could not negotiate the security level"
Due to import regulations in some countries the Oracle implementation provides a default cryptographic jurisdiction policy file that limits the strength of cryptographic algorithms. If stronger algorithms need to be configured or are already configured on the device (for example, AES with 256-bit keys, DH group with 5,14,24), follow these steps:
Download the Java 7 unlimited strength cryptography policy.jar files from http://www.oracle.com. Cisco recommends to search for the following on the Oracle website: