Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3534
Views
0
Helpful
3
Replies

Upgrade SSL

Go to solution
dbrill001
Level 1
Level 1

‎01-29-2019 10:26 AM - edited ‎03-08-2019 05:48 PM

So I am running security scans on our network for the first time. I have a long list of things to fix. One is the SSL/TLS suite another is upgrading the key to the diffie-hellman key exchange. I was hoping to get pointed in the right direction on how to disable old unused protocols or upgrade the keys to these protocols.encryption

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎01-29-2019 12:01 PM

The 3560X software is still being actively developed, the last release was only 4 months ago. 15.2(4)E7 will contain fixes for the most pressing OpenSSL and TLS vulnerabilities. Check the release notes and specifically the resolved caveats:

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_4_e/releasenotes/rn-1524e-3750x3560x.html#pgfId-1115282

 

If you want to choose the ciphers used IOS take a look at this document:

https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v501/command/reference/cmdref/crypto_ssl.pdf

 

cheers,

Seb.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎01-29-2019 11:20 AM

HI there,

It would help to know what platforms you are looking to re-configure. Keep in mind that older platforms will not be able to use 'Next Generation Encryption' so some of the suites will not be available to you.

 

https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

 

cheers,

Seb.

0 Helpful

Go to solution
dbrill001
Level 1
Level 1
In response to Seb Rupik

‎01-29-2019 11:25 AM

We have 2 3560x Catalysts. I assume by your comment I will be out of luck upgrading these since they are end of life in October.

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎01-29-2019 12:01 PM

The 3560X software is still being actively developed, the last release was only 4 months ago. 15.2(4)E7 will contain fixes for the most pressing OpenSSL and TLS vulnerabilities. Check the release notes and specifically the resolved caveats:

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_4_e/releasenotes/rn-1524e-3750x3560x.html#pgfId-1115282

 

If you want to choose the ciphers used IOS take a look at this document:

https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v501/command/reference/cmdref/crypto_ssl.pdf

 

cheers,

Seb.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents