Am 04.01.2019 um 22:05 schrieb David Woodhouse: > On Fri, 2019-01-04 at 20:09 +0000, David Woodhouse wrote: >> On Fri, 2019-01-04 at 20:07 +0000, David Woodhouse wrote: >>> On Fri, 2019-01-04 at 19:50 +0100, Muenz, Michael wrote: >>>> Am 04.01.2019 um 15:40 schrieb David Woodhouse: >>>>> I think those are done, in my tncc branch. Last call for 8.0 >>>>> then... >>>>> >>>>> Nobody's got the latest ASA supporting DTLS v1.2 that I can >>>>> have >>>>> an >>>>> account on? Or the time to do some testing for me? >>>> >>>> ASA 5508 with 9.10.1 image is OK for you? >>> I actually have no idea. All I know is what's in >>> https://gitlab.com/openconnect/ocserv/issues/188 >> >> I think not? I think it was added elsewhere but *not* on 5508, if I'm >> reading this correctly: >> >> https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn63389 > > The release notes at > https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/release/notes/asarn910.html > seem to confirm this. DTLS 1.2 support is added to "all ASA > models except the 5506-X, 5508-X, and 5516-X". > > I think the KVM-based ASAv image at > https://software.cisco.com/download/home/286119613/type/280775065/release/9.10.1 > probably *would* work, if I had a valid Cisco login with support > contract associated with it :) Ah yes, read that some time ago too. Luckily my customers don't need certify for ISO27001 or similar. I can only offer up to 5515, probably also 4.7 as client if need to test something. Best, Michael
