yoongseong
Beginner

Change cipher strength for management traffic

Hi All,

I’m performing a new deployment for my customer on a C370 Ironport and my customer has an internal team performing a band test on the Ironport box. The results show that the management traffic (HTTPS) is only using medium-strength traffic (56 bits – 112 bits), which does not meet the compliance of the organization. From the knowledge base, I checked that our management traffic is using either RC4-SHA or RC4-MD5. Is there any way to change this to AES or 3DES?

Besides that, in the band test, the customer also noticed that the box supports anonymous SSL ciphers. Is there any way to disable this?

Thanks.

3 REPLIES 3
Andreas Mueller
Enthusiast

Hi there,

check out these articles:

Article #1399: How can I alter what ciphers are used with the Graphical User Interface (GUI)? Can I disable SSL v2 for the GUI? Link: http://tools.cisco.com/squish/80676

Article #1367: How do I prevent the IronPort appliance from negotiating null or anonymous ciphers? Link: http://tools.cisco.com/squish/3637E

So to exclude low and anonymous ciphers, something like this would apply:

HIGH:MEDIUM:-SSLv2:-aNULL:@STRENGTH

Hope that helps,

Andreas


Hi Andreas,

Is there any possibility to apply these for the management interface (GUI) too? Thanks.

Regards,

Dennis Goh

Hi Dennis,

the articles mentioned are valid for the GUI as well, simply use sslconfig as described, and when asked:

Enter the GUI HTTPS ssl cipher you want to use.

you copy/paste the ciphers.

Hope that helps,

Andreas
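
An added example, not part of the thread and not Cisco's code: a Python check that parses `openssl ciphers -v` output for a candidate cipher string and flags anonymous, null, export, undersized and RC4 suites before the string is pasted into sslconfig. The sample rows are constructed, and the 128-bit floor and the RC4 ban are assumed policy values.

```python
import re

# Constructed sample, in the column format printed by `openssl ciphers -v`.
SAMPLE = """\
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 export
"""

ENC_RE = re.compile(r"^(?P<alg>[^()]+)(?:\((?P<bits>\d+)\))?$")


def parse_line(line):
    """Turn one `openssl ciphers -v` row into a dict, or None if it is not a row."""
    fields = line.split()
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    m = ENC_RE.match(attrs.get("Enc", ""))
    if m is None:
        return None
    return {"name": fields[0], "auth": attrs.get("Au", ""), "enc": m["alg"],
            "bits": int(m["bits"] or 0), "export": "export" in fields[2:]}


def audit(listing, min_bits=128, banned_enc=("RC4",)):
    """Return {suite name: [reasons]} for every suite that violates the policy."""
    findings = {}
    for row in filter(None, map(parse_line, listing.splitlines())):
        reasons = []
        if row["auth"] == "None":
            reasons.append("anonymous (no server authentication)")
        if row["enc"] == "None":
            reasons.append("null cipher (no encryption)")
        elif row["bits"] < min_bits:
            reasons.append(f"{row['bits']}-bit key below {min_bits}")
        # RC4 is listed as 128-bit, so a size floor alone does not catch it.
        if row["enc"] in banned_enc:
            reasons.append(f"{row['enc']} banned by policy")
        if row["export"]:
            reasons.append("export-grade suite")
        if reasons:
            findings[row["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Feed `audit()` the real output of `openssl ciphers -v '<cipher string>'` from a host whose OpenSSL build is comparable to the appliance's; an empty result means the expanded list meets the assumed policy.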
