331 Views | 2 Helpful | 2 Replies

Securing SSH, TLS, VPNs on Cisco IOS ISR

Aggron
Level 1

I'm looking to provide guidance on router config; this I can do, as I've been in networking for over a decade now. However, the one area where I'm less confident is security: specifically, the details of cipher, hash, and key exchange algorithm selection.

I'm knowledgeable enough that I can kick out the worst / least secure, like RC4, (3)DES, MD5, SHA1, and very low DH groups 1, 2, 5, etc. Where I'm getting confused is in looking at the Cisco command line SSH (TLS/SSL) options among the higher-end options. I'm seemingly finding conflicting information and am not sure about what is or isn't vulnerable.

That is, for securing SSH (server role), encryption has three to four varieties of AES depending on key length (e.g. aes256-cbc, aes256-ctr, aes256-gcm, aes256-gcm@openssh.com). I'm reading various discussions, either here on the Cisco community, on StackExchange, or on security blogs, seemingly either stating or suggesting that AES-CBC is less desirable, crappy, or "weak". And while AES-GCM is mentioned as secure, one person was saying it can "catastrophically" fail if duplicate "IVs" happen to be used or generated. So maybe AES-CTR is the choice?

But when I look at "ip http secure-ciphersuite" for TLS security, what I see is exclusively CBC and GCM offerings, except for an oddball "tls13-chacha20-poly1305-sha256" encryption type. So I use Google to try to learn about 'chacha20' and I find out that "TLS 1.3 has only five possible cipher suites, because it removed all unsecure cipher suites from TLS 1.2", and chacha20 is one of those five. But what are the other four cipher suites? Combinations of AES-GCM. No AES-CTR. So does this mean that AES-CTR is vulnerable? And what happened to GCM being able to catastrophically fail if duplicate "IVs" are used?

I'd provide links to the sources I'm referencing, but (from prior posting) I've found the auto-moderation really doesn't like web links.

Can someone help me sort out this information? Or, is my basic knowledge of just getting rid of those weakest ciphers, hashing, and key exchange groups good enough?
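The three properties the question circles (CBC/CTR/GCM on the SSH server, GCM's "catastrophic" IV reuse, and why TLS 1.3 kept only AEAD suites) can be shown directly. The Go program below is an added example, not code from the original post or from Cisco; the key and the two "packets" are constructed demo values. It shows that AES-CTR gives confidentiality only (a flipped ciphertext bit decrypts without any error, which is why SSH always pairs aes*-ctr with a separate HMAC), that AES-GCM rejects the same tampering, that encrypting two messages under one key and one nonce leaks the XOR of the plaintexts (the failure the question quotes; it also exposes GCM's tag key, which this example does not show), and that building the nonce as a fixed field plus a per-packet counter, as RFC 5647 does for SSH AES-GCM, removes the repeat.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed 32-byte demo key (AES-256). A real session key comes from the
// key exchange; it is fixed here only so the run is reproducible.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// Two equal-length constructed "packets" reused by the demos below.
var (
	pkt1 = []byte("first packet body")
	pkt2 = []byte("second pkt body!!")
)

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func newAES(key []byte) cipher.Block {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

// ctrXOR applies the AES-CTR keystream. CTR is a stream mode, so the same
// call encrypts and decrypts, and nothing checks integrity.
func ctrXOR(key, iv, data []byte) []byte {
	out := make([]byte, len(data))
	cipher.NewCTR(newAES(key), iv).XORKeyStream(out, data)
	return out
}

// gcmSeal returns ciphertext followed by the 16-byte authentication tag.
func gcmSeal(key, nonce, pt []byte) []byte {
	g, err := cipher.NewGCM(newAES(key))
	if err != nil {
		panic(err)
	}
	return g.Seal(nil, nonce, pt, nil)
}

func gcmOpen(key, nonce, ct []byte) ([]byte, error) {
	g, err := cipher.NewGCM(newAES(key))
	if err != nil {
		return nil, err
	}
	return g.Open(nil, nonce, ct, nil)
}

// counterNonce builds the 96-bit nonce the way RFC 5647 does for SSH AES-GCM:
// a 32-bit fixed field followed by a 64-bit invocation counter that is
// incremented for every packet, so (key, nonce) never repeats in a session.
func counterNonce(fixed uint32, invocation uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[:4], fixed)
	binary.BigEndian.PutUint64(n[4:], invocation)
	return n
}

// CTRTamperGoesUndetected: flip one ciphertext bit; CTR "decrypts" without
// complaint and the flipped bit lands in the plaintext. No tag, no detection.
func CTRTamperGoesUndetected() bool {
	iv := make([]byte, aes.BlockSize) // constructed fixed IV for the demo
	ct := ctrXOR(demoKey, iv, pkt1)
	ct[0] ^= 0x01
	dec := ctrXOR(demoKey, iv, ct)
	return dec[0] == pkt1[0]^0x01 && bytes.Equal(dec[1:], pkt1[1:])
}

// GCMTamperIsDetected: the same bit flip makes Open fail instead of returning
// altered data, because GCM is an AEAD mode.
func GCMTamperIsDetected() bool {
	nonce := counterNonce(1, 0)
	ct := gcmSeal(demoKey, nonce, pkt1)
	ct[0] ^= 0x01
	_, err := gcmOpen(demoKey, nonce, ct)
	return err != nil
}

// NonceReuseLeaksXOR: same key and same nonce means the same keystream, so
// c1 XOR c2 equals p1 XOR p2. This is the "catastrophic" failure from the
// question, and CTR has exactly the same property.
func NonceReuseLeaksXOR() bool {
	nonce := counterNonce(1, 0) // reused on purpose to show the failure
	c1 := gcmSeal(demoKey, nonce, pkt1)[:len(pkt1)]
	c2 := gcmSeal(demoKey, nonce, pkt2)[:len(pkt2)]
	return bytes.Equal(xorBytes(c1, c2), xorBytes(pkt1, pkt2))
}

// CounterNoncesDoNotLeak: with the per-packet counter the nonces differ,
// the keystreams differ, and the XOR relation disappears.
func CounterNoncesDoNotLeak() bool {
	c1 := gcmSeal(demoKey, counterNonce(1, 0), pkt1)[:len(pkt1)]
	c2 := gcmSeal(demoKey, counterNonce(1, 1), pkt2)[:len(pkt2)]
	return !bytes.Equal(xorBytes(c1, c2), xorBytes(pkt1, pkt2))
}

func main() {
	fmt.Println("CTR tamper undetected:      ", CTRTamperGoesUndetected())
	fmt.Println("GCM tamper detected:        ", GCMTamperIsDetected())
	fmt.Println("nonce reuse leaks p1^p2:    ", NonceReuseLeaksXOR())
	fmt.Println("counter nonces do not leak: ", CounterNoncesDoNotLeak())
}
```

The takeaway for the router: aes*-ctr is not "vulnerable" on an SSH server, it simply relies on the negotiated HMAC for integrity, which is why TLS 1.3 (no separate MAC) only standardised AEAD suites; and the nonce-reuse failure of GCM is a property the SSH transport avoids by construction with the counter shown above.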

2 Replies

There is a Cisco security advisory; you can check the SSH cipher recommendations there.

For ISR IOS XE hardening, check below:

https://sec.cloudapps.cisco.com/security/center/resources/IOS_XE_hardening

MHM

Marvin Rhoads
Hall of Fame

The basics you mentioned are sufficient for 95% of use cases.

I would add that it is almost never necessary to run the "ip http server", so the TLS parameters are a moot point when that is disabled.
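The "kick out the weakest" approach from the question and the point above about leaving "ip http server" disabled can both be turned into a mechanical check of a running-config. The Go program below is an added example, not code from the original thread or from Cisco: it audits the SSH algorithm lines, the DH minimum, the HTTP server state and the TLS cipher suite list, flagging the families the question already names (RC4, 3DES, MD5, SHA-1, DH group1) as weak and CBC as "prefer CTR/GCM" rather than broken, in line with the thread. The two sample configs and the algorithm tokens are constructed; which exact algorithm names a given IOS XE release accepts on these commands varies by version, so treat the lists as illustrative.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Finding is one audit result: the offending config line and why it was flagged.
type Finding struct {
	Line   string
	Reason string
}

// weakTokens are substrings of algorithm names and the reason each is flagged.
// Order matters: the first matching token wins, so group1 is reported as a
// DH-size problem rather than as a generic SHA-1 problem.
var weakTokens = []struct{ token, reason string }{
	{"rc4", "RC4 is broken"},
	{"3des", "3DES (64-bit block) is deprecated"},
	{"md5", "MD5 is broken for integrity"},
	{"group1-", "DH group1 (1024-bit) is too small"},
	{"group-exchange-sha1", "DH group exchange with SHA-1"},
	{"sha1", "SHA-1 based algorithm; prefer SHA-2"},
	{"cbc", "CBC mode; prefer CTR or GCM/AEAD"},
}

func weakReason(alg string) string {
	for _, w := range weakTokens {
		if strings.Contains(alg, w.token) {
			return w.reason
		}
	}
	return ""
}

// algorithmList returns the algorithm names on one of the two list commands.
func algorithmList(line string) []string {
	f := strings.Fields(line)
	if f[1] == "ssh" { // ip ssh server algorithm <encryption|mac|kex> <list>
		if len(f) < 6 {
			return nil
		}
		return f[5:]
	}
	return f[3:] // ip http secure-ciphersuite <list>
}

// auditConfig walks the config once and collects findings in line order.
func auditConfig(cfg string) []Finding {
	var out []Finding
	sshVersion2 := false
	for _, raw := range strings.Split(cfg, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "!") {
			continue
		}
		switch {
		case strings.HasPrefix(line, "ip ssh version 2"):
			sshVersion2 = true
		case strings.HasPrefix(line, "ip ssh dh min size "):
			f := strings.Fields(line)
			if bits, err := strconv.Atoi(f[len(f)-1]); err == nil && bits < 2048 {
				out = append(out, Finding{line, "DH minimum below 2048 bits; use 2048 or 4096"})
			}
		case strings.HasPrefix(line, "ip http server"): // "no ip http server" does not match
			out = append(out, Finding{line, "plain HTTP server enabled; disable unless required"})
		case strings.HasPrefix(line, "ip ssh server algorithm ") ||
			strings.HasPrefix(line, "ip http secure-ciphersuite "):
			for _, alg := range algorithmList(line) {
				if reason := weakReason(alg); reason != "" {
					out = append(out, Finding{line, alg + ": " + reason})
				}
			}
		}
	}
	if !sshVersion2 {
		out = append(out, Finding{"(missing)", "ip ssh version 2 not set; SSHv1 may be accepted"})
	}
	return out
}

// Constructed "before" config: mixes strong and weak choices on purpose.
const sampleConfig = `
!
ip ssh version 2
ip ssh dh min size 1024
ip ssh server algorithm encryption aes256-gcm aes256-ctr aes256-cbc 3des-cbc
ip ssh server algorithm mac hmac-sha2-256 hmac-sha1
ip ssh server algorithm kex ecdh-sha2-nistp256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1
ip http server
ip http secure-server
ip http secure-ciphersuite tls13-chacha20-poly1305-sha256 aes-256-cbc-sha
!`

// Constructed "after" config: what the same lines look like once cleaned up.
const hardenedConfig = `
ip ssh version 2
ip ssh dh min size 4096
ip ssh server algorithm encryption aes256-gcm aes256-ctr
ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256
ip ssh server algorithm kex ecdh-sha2-nistp384 ecdh-sha2-nistp256
no ip http server
ip http secure-server
ip http secure-ciphersuite tls13-aes256-gcm-sha384 tls13-chacha20-poly1305-sha256`

func AuditSample() []Finding   { return auditConfig(sampleConfig) }
func AuditHardened() []Finding { return auditConfig(hardenedConfig) }

func main() {
	for _, f := range AuditSample() {
		fmt.Printf("%-90s %s\n", f.Line, f.Reason)
	}
	fmt.Println("hardened config findings:", len(AuditHardened()))
}
```

Run against the sample it reports eight findings (the 1024-bit DH minimum, aes256-cbc and 3des-cbc, hmac-sha1, both SHA-1 kex entries, the enabled HTTP server and the CBC TLS suite) and none against the hardened version; the hardened config also reflects the point above, with the plain HTTP server off and only the HTTPS listener kept.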
