Solved: SSL security issue at router

Leftz · ‎06-06-2022

Hi We have a router and do not know why we started to receive security warning. Below is the info we received. Now it has ip https enable and http disabled. If we disable the https, it should resolve the issue? Any other solutions? Thanks

SSL Version 2 and 3 Protocol Detection

The remote service encrypts traffic using a protocol with known weaknesses.

The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including

Rob Ingram · ‎06-06-2022

@Leftz there could be several reasons, the other devices could be configured with ACL to block https requests, https server could be disabled, or the other devices could be configured with a stronger ciphersuite etc.

As to why it hasn't been detected before we cannot answer, perhaps it wasn't scanned correctly?

View solution in original post

Rob Ingram · ‎06-06-2022

@Leftz yes if you disable https service it should not respond. Run "no ip http secure-server"

Leftz · ‎06-06-2022

Thanks Rob for your reply. actually I would like to know why it has not been detected before? and ssl and tls are used in a lot devices. why the other device do not send the warning?

Rob Ingram · ‎06-06-2022

@Leftz there could be several reasons, the other devices could be configured with ACL to block https requests, https server could be disabled, or the other devices could be configured with a stronger ciphersuite etc.

As to why it hasn't been detected before we cannot answer, perhaps it wasn't scanned correctly?

Leftz · ‎06-06-2022

Thank you for your explanation! It works

Can we say https is related with ssl, if this is a case, after removing https there, what is its replacement? TLS?