Disabling TLS v1.1 at sw

Leftz
Level 4

Hi, there is a security vulnerability issue on the C9300 sw due to the TLS version. Is there a command to disable TLS versions 1.1 and 1.0? Thanks

Accepted Solutions

(config)#ip http tls-version tlsv1.2
(config)#ip http tls-version ?

  TLSv1.0  Set TLSv1.0 version Only
  TLSv1.1  Set TLSv1.1 version Only
  TLSv1.2  Set TLSv1.2 version Only


(config)#ip http secure-ciphersuite ?
  aes-128-cbc-sha            Encryption type tls_rsa_with_aes_cbc_128_sha ciphersuite
  aes-256-cbc-sha            Encryption type tls_rsa_with_aes_cbc_256_sha ciphersuite
  dhe-aes-128-cbc-sha        Encryption type tls_dhe_rsa_with_aes_128_cbc_sha ciphersuite
  edche-rsa-aes-256-cbc-sha  Encryption type tls_ecdhe_rsa_aes_256_cbc_sha ciphersuite

• HTTPS Server command -- By default, it supports three versions. If you want to use a particular
version for the sessions, you can specify by configuring the ip http tls-version command in global
configuration mode. The versions are TLSv1.0, TLSv1.1, and TLSv1.2.
• HTTPS Client command -- By default, it supports three versions. If you want to use a particular
version for the sessions, you can specify by configuring the ip http client tls-version command
in global configuration mode. The versions are TLSv1.0, TLSv1.1, and TLSv1.2.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Leftz
Level 4

Thanks for your reply. The switch uses TLS; we need to disable the lower version v1.1

PSW#sh ip http server all | i TLS
HTTP secure server TLS version: TLSv1.2 TLSv1.1

 

Leftz
Level 4

Very good explanation! Thank you!
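
An added example, not part of the original thread or Cisco's tooling: a small Python check that reads captured `sh ip http server all | i TLS` output from several switches and flags any that still list TLSv1.0 or TLSv1.1 after the `ip http tls-version` change. The hostnames other than PSW and their outputs are constructed, and the parser assumes the line format quoted in the thread.

```python
import re

# Versions the thread wants turned off on the switch's HTTPS server.
DEPRECATED = {"TLSv1.0", "TLSv1.1"}
# Line format as quoted in the thread from 'sh ip http server all | i TLS'.
TLS_LINE = re.compile(r"^HTTP secure server TLS version:(.*)$", re.MULTILINE)
# Remediation command given in the accepted solution.
FIX = "ip http tls-version tlsv1.2"


def enabled_tls_versions(show_output):
    """Return the TLS versions on the 'TLS version' line, or None if absent."""
    match = TLS_LINE.search(show_output)
    if match is None:
        return None
    return set(re.findall(r"TLSv\d\.\d", match.group(1)))


def audit(outputs):
    """Map each hostname to (status, detail) from its captured show output."""
    report = {}
    for host, text in outputs.items():
        versions = enabled_tls_versions(text)
        if not versions:
            # Line missing or unparsable: do not report a pass on no evidence.
            report[host] = ("unknown", "TLS version line not found")
        elif versions & DEPRECATED:
            weak = ", ".join(sorted(versions & DEPRECATED))
            report[host] = ("fail", f"{weak} still enabled; apply: {FIX}")
        else:
            report[host] = ("pass", "only " + ", ".join(sorted(versions)))
    return report


# Constructed captures. The PSW line is the one quoted in the thread; the
# other hostnames and outputs are made up for illustration.
SAMPLES = {
    "PSW": "HTTP secure server TLS version: TLSv1.2 TLSv1.1\r\n",
    "SW-A": "HTTP secure server TLS version: TLSv1.2\r\n",
    "SW-B": "",
}

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLES).items():
        print(f"{host}: {status} ({detail})")
```

Re-run the check after the configuration change; a switch whose capture is empty is reported as unknown rather than passing.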