01-29-2019 10:26 AM - edited 03-08-2019 05:48 PM
So I am running security scans on our network for the first time. I have a long list of things to fix. One is the SSL/TLS suite; another is upgrading the key to the Diffie-Hellman key exchange. I was hoping to get pointed in the right direction on how to disable old unused protocols or upgrade the keys to these protocols.
01-29-2019 11:20 AM
Hi there,
It would help to know what platforms you are looking to re-configure. Keep in mind that older platforms will not be able to use 'Next Generation Encryption' so some of the suites will not be available to you.
https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
cheers,
Seb.
01-29-2019 11:25 AM
We have 2 3560x Catalysts. I assume by your comment I will be out of luck upgrading these since they are end of life in October.
01-29-2019 12:01 PM
The 3560X software is still being actively developed; the last release was only 4 months ago. 15.2(4)E7 will contain fixes for the most pressing OpenSSL and TLS vulnerabilities. Check the release notes and specifically the resolved caveats:
If you want to choose the ciphers used by IOS, take a look at this document:
cheers,
Seb.