08-03-2022 12:45 PM
Hi, we have a WS-C3850 switch. The IOS is a little bit old. Currently we do not plan to upgrade, and we got a message about security vulnerabilities. Please see below. Can anyone share some experience on what action can resolve the issue? Thank you.
Weak SSL/TLS Key Exchange
Cisco Router/Switch Default Password Vulnerability
08-03-2022 01:26 PM - edited 08-03-2022 01:35 PM
@Leftz do you even use HTTPS to manage the switch? If not, disable it: "no ip http secure-server"
You can secure the HTTPS ciphersuites using the "ip http secure-ciphersuite" command. Example: "ip http secure-ciphersuite dhe-aes-256-cbc-sha dhe-aes-128-cbc-sha", or specify a strong ciphersuite that is supported by your old image. Use "ip http secure-ciphersuite ?" to find out what is supported.
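A way to check a saved running-config against the advice in the reply above, as an added example that is not part of the original thread: it reports whether the HTTPS server is enabled and whether "ip http secure-ciphersuite" limits it to an allowed set. The function name, the allowed set (taken from the two suites named in the reply) and the sample configs are assumptions constructed for illustration.

```python
import re

# Assumption: the two suites from the reply are the allowed set. Replace with
# what "ip http secure-ciphersuite ?" lists on your image and your policy permits.
ALLOWED_SUITES = frozenset({"dhe-aes-256-cbc-sha", "dhe-aes-128-cbc-sha"})

def audit_https_config(config_text, allowed=ALLOWED_SUITES):
    """Return findings for the HTTPS management settings in an IOS config."""
    https_enabled = False   # assumption: no explicit line means not enabled
    suites = None           # None means no ciphersuite restriction configured
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(no )?ip http secure-server", line)
        if m:
            # The "no" form disables the server; the bare form enables it.
            https_enabled = m.group(1) is None
            continue
        m = re.fullmatch(r"ip http secure-ciphersuite (.+)", line)
        if m:
            suites = m.group(1).split()
    if not https_enabled:
        return []           # nothing offered over HTTPS, nothing to flag
    if suites is None:
        return ["HTTPS enabled with no 'ip http secure-ciphersuite' restriction"]
    return [f"HTTPS offers suite outside allowed set: {s}"
            for s in suites if s not in allowed]

# Constructed sample configs (not taken from a real device).
SAMPLE_DISABLED = "hostname sw1\nno ip http secure-server\n"
SAMPLE_UNRESTRICTED = "hostname sw1\nip http secure-server\n"
SAMPLE_MIXED = (
    "ip http secure-server\n"
    "ip http secure-ciphersuite dhe-aes-256-cbc-sha rc4-128-md5\n"
)
SAMPLE_RESTRICTED = (
    "ip http secure-server\n"
    "ip http secure-ciphersuite dhe-aes-256-cbc-sha dhe-aes-128-cbc-sha\n"
)

if __name__ == "__main__":
    for name, cfg in [("disabled", SAMPLE_DISABLED),
                      ("unrestricted", SAMPLE_UNRESTRICTED),
                      ("mixed", SAMPLE_MIXED),
                      ("restricted", SAMPLE_RESTRICTED)]:
        print(name, audit_https_config(cfg) or "no findings")
```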
08-03-2022 01:49 PM
Friend, this is a SW, not a web server, so you need only the admin PC to access SSL HTTP on the SW.
If you cannot upgrade the SW, at least downgrade the admin PC or use another weak cipher SSL version.
08-04-2022 08:38 AM
Thank you!