It turns out the problem was caused by changing the DTLS cipher security level from Medium to High on the ASA. Setting it back to Medium has fixed the problem. My co-worker noted that with High, the only enabled cipher was DHE-RSA-AES256-SHA. With Medium, the following are also enabled: DES-CBC3-SHA AES128-SHA DHE-RSA-AES128-SHA AES256-SHA DHE-RSA-AES256-SHA The server is now returning X-DTLS-CipherSuite: AES256-SHA. I must confess my knowledge of encryption is rudimentary. Is the High selection even reasonable? If so, might it be supported in a later version of OpenSSL? Thanks, Peter
