Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1945
Views
1
Helpful
3
Replies

Cisco Prime Infrastructure 3.1 "enable TLSv1.2 only"

mel-ghazali
Level 1
Level 1

‎06-28-2016 04:05 AM

Dears,

have any one tried to disable SSLv2, SSLv3 , TLSv1.0 and TLS1.1 and keep only TLS1.2

1 person had this problem
Labels:
0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎06-29-2016 12:50 AM

 - Presumably, apache being used, you may change, httpd.conf,or ssl.conf,or httpd-ssl.conf (find the relevant file,containing ssl-directives) and use something as :

SSLProtocol all -SSLv2 -SSLv3 -Anyother-cipher-you-don't-want

Restart httpd afterwards, HOWEVER, prime may have the settings hard-coded in the daemon so I am not sure this will work.

Verify before and after with :

% nmap --script ssl-enum-ciphers -p 443 <host>


-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

marce1000
VIP
VIP

‎06-29-2016 12:54 AM

- Sorry my first reply may got garbled, so I try again :

 - Presumably, apache being used, you may change, httpd.conf,or ssl.conf,or httpd-ssl.conf (find the relevant file,containing ssl-directives) and use something as :

SSLProtocol All -SSLv2 --Anyother-ciphers-you-don't-want

Restart apache, prime ,however may have the settings hard-coded in the daemon, so I am not sure this will work;verify with :

% nmap --script ssl-enum-ciphers -p 443 <host>

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

andy!doesnt!like!uucp
Spotlight
Spotlight
In response to marce1000

‎10-10-2022 02:50 AM

Hi Marce
why cant it be changed with prime CLI instead?

tls-server-versions <tls_versions> - set the TLS versions to be enabled for TLS service  - TLSv1.2 TLSv1.1 TLSv1
tls-server-ciphers <tls_cipher_groups> - set the TLS cipher group to be enabled  for TLS service - tls-ecdhe-sha2 tls-ecdhe-sha1 tls-dhe-sha2 tls-dhe-sha1 tls-static-sha2 tls-static-sha1

Command Reference Guide for Cisco Prime Infrastructure 3.10 - Command Reference [Cisco Prime Infrastructure] - Cisco

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card