SSL/TLS Settings for the AnyConnect VPN Client

SSL/TLS settings for the AnyConnect VPN Client in Internet Explorer

Requirements for AnyConnect and SSL versions (TLSv1, SSLV3)

Make sure 2factor.services.wisc.edu is listed as a trusted site. See below:

Open up Internet options > Click on the trusted sites icon so that it is highlighted > Click on the Sites button.

1st.png

It should bring up this window.  If https://2factor.services.wisc.edu is not listed already under websites, then enter it into the text box and clock the add button.

2nd.png

Click close or OK on the windows you just opened to apply the new settings.

If that doesn't help, check the TLS and SSL settings.  A screenshot of the defaults is below.  Anyconnect uses TLS with SSL as a fallback, and it hooks in with Internet Explorer to get these settings, as well as the certificate.  SSL 3.0, and TLS 1.0 are the required settings.

3rd.png



Q. What is the requirements for AnyConnect and SSL versions (TLSv1, SSLV3)?
A. AnyConnect requires that the ASA be configured to accept TLSv1 traffic and that the browser settings be set for TLSV1.0. TLSv1.0 is a more secure and modern protocol then SSLv3.



Keywords:2factor vpn cisco anyconnect ssl tls certificate validation   Doc ID:19734
Owner:Gary F.Group:Office of Campus Information Security
Created:2011-08-11 19:00 CDTUpdated:2015-10-02 10:29 CDT
Sites:DoIT Help Desk, DoIT Staff, Office of Campus Information Security
Feedback:  0   0