12-23-2019 11:46 AM - edited 12-23-2019 11:53 AM
Hi Guys, hope someone can help me on this.
I have a Cisco Switch 2960x 48 ports, out internal monitoring says that I should enable Diffie-Hellman Key Exchange and disable weak cipher suites, but when I was to enable Diffie-Hellman Key Exchange the comman says "incomplete command" also the switch has Version 15.2(4r)E3. Can someone help me how to get this done. Thanks in advance!
Solved! Go to Solution.
12-23-2019 08:57 PM
12-23-2019 08:57 PM
12-26-2019 08:30 AM
Hi Francesco,
Please see command:
#ip http secure-ciphersuite ?
aes-128-cbc-sha Encryption type tls_rsa_with_aes_cbc_128_sha
ciphersuite
aes-256-cbc-sha Encryption type tls_rsa_with_aes_cbc_256_sha
ciphersuite
dhe-aes-128-cbc-sha Encryption type tls_dhe_rsa_with_aes_128_cbc_sha
ciphersuite
dhe-aes-256-cbc-sha Encryption type tls_dhe_rsa_with_aes_256_cbc_sha
ciphersuite
edche-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha
ciphersuite
edche-rsa-rc4-128-sha Encryption type tls_ecdhe_rsa_rc4_128_sha
ciphersuite
null-sha Encryption type tls_rsa_with_null_sha ciphersuite
AMG-SW(config)#ip http secure-ciphersuite edche-rsa-aes-256-cbc-sha
% Incomplete command.
Also tried the command you gave me, still got some errors:
ip ssh dh min 2048|4096
^
% Invalid input detected at '^' marker.
Thanks in advance!!
12-26-2019 09:20 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide