
Change cipher strength for management traffic

Hi All,

I’m performing a new deployment for my customer on a C370 Ironport and my customer has an internal team performing a band test on the Ironport box. The results show that the management traffic (HTTPS) is only using medium strength traffic (56 bits – 112 bits), which does not meet the compliance of the organization. From the knowledge base, I checked that our management traffic is using either RC4-SHA or RC4-MD5. Any way to change this to AES or 3DES?

Besides that, in the band test, customer also notices that the box supports anonymous SSL ciphers. Any way to disable this?

Thanks.


Hi there,

check out these articles:

Article #1399: How can I alter what ciphers are used with the Graphical User Interface (GUI)? Can I disable SSL v2 for the GUI? Link: http://tools.cisco.com/squish/80676

Article #1367: How do I prevent the IronPort appliance from negotiating null or anonymous ciphers? Link: http://tools.cisco.com/squish/3637E

So to exclude low and anonymous ciphers, something like this would apply:

HIGH:MEDIUM:-SSLv2:-aNULL:@STRENGTH

Hope that helps,

Andreas



Hi Andreas,

Is there any possibility to apply these for the management interface (GUI) too? Thanks.

Regards,

Dennis Goh


Hi Dennis,

the articles mentioned are valid for the GUI as well, simply use sslconfig as described, and when asked:

Enter the GUI HTTPS ssl cipher you want to use.

you copy/paste the ciphers.

Hope that helps,

Andreas
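
An added example, not part of the thread or of Cisco's articles: before pasting the cipher string into sslconfig, it can be expanded with a local OpenSSL build (through Python's ssl module) and checked for the issues the scan reported. The local build may enable a different set of suites than the appliance, and the `min_bits` threshold of 128 and the function names are assumptions made for this sketch.

```python
import ssl

# Cipher string quoted in the reply above.
PAGE_CIPHER_STRING = "HIGH:MEDIUM:-SSLv2:-aNULL:@STRENGTH"


def classify(name, bits, auth="", description="", min_bits=128):
    """Return the policy problems for one cipher suite (empty list means OK).

    min_bits is an assumed compliance threshold; set it to the value the
    organization's policy actually requires.
    """
    problems = []
    # Anonymous suites perform no server authentication (OpenSSL: aNULL).
    if (auth == "auth-null" or "Au=None" in description
            or name.startswith(("ADH-", "AECDH-"))):
        problems.append("anonymous")
    # RC4-SHA / RC4-MD5 are the suites the original poster wants to replace.
    if "RC4" in name:
        problems.append("rc4")
    if bits < min_bits:
        problems.append("weak")
    return problems


def expand(cipher_string):
    """Expand an OpenSSL cipher string into the suites this build enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string, min_bits=128):
    """Map each problematic suite name to its list of problems."""
    findings = {}
    for c in expand(cipher_string):
        problems = classify(c["name"], c["strength_bits"], c.get("auth", ""),
                            c.get("description", ""), min_bits)
        if problems:
            findings[c["name"]] = problems
    return findings


if __name__ == "__main__":
    for suite in expand(PAGE_CIPHER_STRING):
        print(f'{suite["strength_bits"]:>4}  {suite["name"]}')
    print("findings:", audit(PAGE_CIPHER_STRING) or "none")
```

Because the string still admits MEDIUM, the output can list RC4 or 3DES suites on builds that have them compiled in; those show up under findings and indicate the string needs tightening for a stricter policy.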
