
Help disabling SSL cipher - Cisco Switch SG350

calexfiel
Level 1

Based on the result of a penetration test, I have to disable all SSL export-grade ciphers to prevent 'SSL FREAK' (Factoring Attack on RSA-EXPORT Keys).

Can someone help?

Thank you in advance,

1 Reply

Hello,

As far as I recall, FREAK applies to keys =< 512 bit encryption. The problem is that the SG350 switches do not run a full IOS (but rather a stripped-down version). In 'full' IOS versions, you could specify which keys are allowed using the command 'ip ssh server algorithm encryption'...

For the SG350, you can configure an SSH key length:

Security > SSL Server > SSL Server Authentication Settings

If you set it to 1024, anything below should, in theory, not be allowed...
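
To confirm the change against a re-scan rather than "in theory", the following added example (not part of the original thread, and not Cisco code) parses cipher enumeration output and reports any export-grade suites still offered. It assumes text shaped like the output of nmap's `ssl-enum-ciphers` script; the sample scan and the function names are constructed for illustration, and the check goes slightly beyond FREAK by also reporting non-RSA export suites.

```python
import re

# Constructed sample, shaped like output from nmap's ssl-enum-ciphers script.
SAMPLE_SCAN = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_EXPORT_WITH_RC4_40_MD5 (rsa 512) - E
|       TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (rsa 512) - E
|       TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (dh 512) - E
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|_  least strength: E
"""

PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_[A-Z0-9_]+)\b")

def classify(suite):
    """'freak' for RSA_EXPORT key exchange, 'export' for any other
    export-grade suite, None for a non-export suite."""
    if "_EXPORT" not in suite:
        return None
    # FREAK relies on RSA key exchange with export keys: TLS_RSA_EXPORT_*.
    if re.match(r"^(TLS|SSL)_RSA_EXPORT", suite):
        return "freak"
    return "export"

def find_export_suites(scan_text):
    """Return [(protocol, suite, kind)] for every export-grade suite offered."""
    findings, proto = [], None
    for line in scan_text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)  # remember which protocol block we are in
            continue
        m = SUITE_RE.match(line)
        if m and classify(m.group(1)):
            findings.append((proto, m.group(1), classify(m.group(1))))
    return findings

if __name__ == "__main__":
    for proto, suite, kind in find_export_suites(SAMPLE_SCAN):
        print(f"{proto}: {suite} [{kind}]")
```

An empty result on the post-change scan is the evidence to attach to the pentest finding.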