cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
keystroke13
New Contributor

Disable Weak Ciphers

Jump to solution

We are currently running AOS version 18.02.03.00.E on a NetVanta 1300 Series access router. Is there a way to disable all weak ciphers when allowing HTTPS access to the internal web server/GUI? The device allows for DES 56-bit key (DES-CBC-SHA) which is now considered to be insecure.

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: Disable Weak Ciphers

Jump to solution

Yes, you can disable it using the http secure-ciphersuite commands.

E.g.:

BT_900E(config)#do sho run ver | inc cipher

http secure-ciphersuite dhe-rsa-aes256-sha

http secure-ciphersuite aes256-sha

http secure-ciphersuite edh-rsa-des-cbc3-sha

http secure-ciphersuite des-cbc3-sha

http secure-ciphersuite des-cbc3-md5

http secure-ciphersuite dhe-rsa-aes128-sha

http secure-ciphersuite aes128-sha

http secure-ciphersuite rc4-sha

http secure-ciphersuite rc4-md5

http secure-ciphersuite edh-rsa-des-cbc-sha

http secure-ciphersuite des-cbc-sha

http secure-ciphersuite des-cbc-md5

BT_900E(config)#no http secure-ciphersuite des-cbc-sha

BT_900E(config)#

Hope this helps,

Brett

View solution in original post

0 Kudos
3 Replies
Anonymous
Not applicable

Re: Disable Weak Ciphers

Jump to solution

Yes, you can disable it using the http secure-ciphersuite commands.

E.g.:

BT_900E(config)#do sho run ver | inc cipher

http secure-ciphersuite dhe-rsa-aes256-sha

http secure-ciphersuite aes256-sha

http secure-ciphersuite edh-rsa-des-cbc3-sha

http secure-ciphersuite des-cbc3-sha

http secure-ciphersuite des-cbc3-md5

http secure-ciphersuite dhe-rsa-aes128-sha

http secure-ciphersuite aes128-sha

http secure-ciphersuite rc4-sha

http secure-ciphersuite rc4-md5

http secure-ciphersuite edh-rsa-des-cbc-sha

http secure-ciphersuite des-cbc-sha

http secure-ciphersuite des-cbc-md5

BT_900E(config)#no http secure-ciphersuite des-cbc-sha

BT_900E(config)#

Hope this helps,

Brett

0 Kudos
Anonymous
Not applicable

Re: Disable Weak Ciphers

Jump to solution

:

I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

Levi

Anonymous
Not applicable

Re: Disable Weak Ciphers

Jump to solution

:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi