SSL/TLS Settings for the AnyConnect VPN Client

SSL/TLS settings for the AnyConnect VPN Client in Internet Explorer

Requirements for AnyConnect and SSL versions (TLSv1, SSLV3)

Make sure is listed as a trusted site. See below:

Open up Internet options > Click on the trusted sites icon so that it is highlighted > Click on the Sites button.


It should bring up this window.  If is not listed already under websites, then enter it into the text box and clock the add button.


Click close or OK on the windows you just opened to apply the new settings.

If that doesn't help, check the TLS and SSL settings.  A screenshot of the defaults is below.  Anyconnect uses TLS with SSL as a fallback, and it hooks in with Internet Explorer to get these settings, as well as the certificate.  SSL 3.0, and TLS 1.0 are the required settings.


Q. What is the requirements for AnyConnect and SSL versions (TLSv1, SSLV3)?
A. AnyConnect requires that the ASA be configured to accept TLSv1 traffic and that the browser settings be set for TLSV1.0. TLSv1.0 is a more secure and modern protocol then SSLv3.

Keywords:2factor vpn cisco anyconnect ssl tls certificate validation   Doc ID:19734
Owner:Gary F.Group:Office of Campus Information Security
Created:2011-08-11 19:00 CDTUpdated:2015-10-02 10:29 CDT
Sites:DoIT Help Desk, DoIT Staff, Office of Campus Information Security
Feedback:  0   0