topic Is TLSv2 applicable for SSH in Network Security https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749310#M192909 <P>Is TLSv2 applicable for SSH also? confirm.</P> Fri, 14 Aug 2015 03:32:11 GMT balamuruganmanavalan 2015-08-14T03:32:11Z Disable SSH CBC mode cipher encryption and disable MD5 and 96-bit MAC algorithms in SSH on Cisco ASA https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749306#M192903 <P>Hi all,</P><P>&nbsp;</P><P>Want to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption and disable MD5 and 96-bit MAC algorithms</P><P>ASA version : 9.1.5(21)</P><P>Any idea.</P><P>&nbsp;</P><P>Regards,</P><P>Bala</P> Tue, 12 Mar 2019 06:24:58 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749306#M192903 balamuruganmanavalan 2019-03-12T06:24:58Z You can't, the options are https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749307#M192904 <P>You can't, the options are quite limited. <A href="https://supportforums.cisco.com/document/12338141/guide-better-ssh-security">But you can configure your SSH-clients not to negotiate weak ciphers</A>.</P> Wed, 12 Aug 2015 12:34:35 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749307#M192904 Karsten Iwen 2015-08-12T12:34:35Z Is any doc or cisco release https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749308#M192905 <P>Is any doc or cisco&nbsp;release notes stating that it is not possible?</P><P>&nbsp;</P><P>Options are quite limited means?</P> Thu, 13 Aug 2015 06:03:51 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749308#M192905 balamuruganmanavalan 2015-08-13T06:03:51Z If you want to use TLSv2 https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749309#M192906 <P>If you want to use TLSv2 ciphersuites you are going to have to upgrade to 9.3 or higher; they aren't supported on earlier versions.</P><P>-- Jim Leinweber, WI State Lab of Hygiene</P> Thu, 13 Aug 2015 19:12:52 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749309#M192906 James Leinweber 2015-08-13T19:12:52Z Is TLSv2 applicable for SSH https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749310#M192909 <P>Is TLSv2 applicable for SSH also? confirm.</P> Fri, 14 Aug 2015 03:32:11 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749310#M192909 balamuruganmanavalan 2015-08-14T03:32:11Z No, TLS 1.2 in ASA versions 9 https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749311#M192910 <P>No, TLS 1.2 in ASA versions 9.3 and higher can be used with the actual AnyConnect client. But it's unrelated to SSH.</P> Fri, 14 Aug 2015 07:01:06 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749311#M192910 Karsten Iwen 2015-08-14T07:01:06Z To my knowledge it's not https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749312#M192911 <P>To my knowledge it's not documented that it's not possible ... Only the limited possibilities are documented, and that's mainly that you can restrict SSH to version 2 and configure the DH to group14.</P> Fri, 14 Aug 2015 07:03:36 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749312#M192911 Karsten Iwen 2015-08-14T07:03:36Z Correct.Is there any cisco https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749313#M192912 <P>Correct.</P><P>Is there any cisco doc or release note showing that no workaround in Cisco ASA for SSH vulnerability.</P><P>&nbsp;</P><P>If limited possibilities are documented, at least share that link.</P><P>&nbsp;</P> Fri, 14 Aug 2015 07:05:30 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749313#M192912 balamuruganmanavalan 2015-08-14T07:05:30Z All what you can do is https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749314#M192913 <P>All what you can do is documented in the config-guide.</P> Fri, 14 Aug 2015 07:08:19 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749314#M192913 Karsten Iwen 2015-08-14T07:08:19Z you are referring which https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749315#M192914 <P>you are referring which config-guide. can you share the link?</P> Fri, 14 Aug 2015 10:30:57 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749315#M192914 balamuruganmanavalan 2015-08-14T10:30:57Z http://www.cisco.com/c/en/us https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749316#M192915 <P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html">http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html</A></P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s16.html">http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s16.html</A></P> Fri, 14 Aug 2015 10:43:29 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749316#M192915 Karsten Iwen 2015-08-14T10:43:29Z If we enable SSH https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749317#M192916 <P>If we enable SSH authentication, can we mitigate that vulnerability?</P> Fri, 14 Aug 2015 12:28:18 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749317#M192916 balamuruganmanavalan 2015-08-14T12:28:18Z SSH always works with https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749318#M192917 <P>SSH always works with authentication. That's not related to the used ciphers.</P> Fri, 14 Aug 2015 12:51:06 GMT https://community.cisco.com/t5/network-security/disable-ssh-cbc-mode-cipher-encryption-and-disable-md5-and-96/m-p/2749318#M192917 Karsten Iwen 2015-08-14T12:51:06Z