12-23-2019 11:46 AM - edited 12-23-2019 11:53 AM
Hi Guys, hope someone can help me on this.
I have a Cisco Switch 2960x 48 ports, out internal monitoring says that I should enable Diffie-Hellman Key Exchange and disable weak cipher suites, but when I was to enable Diffie-Hellman Key Exchange the comman says "incomplete command" also the switch has Version 15.2(4r)E3. Can someone help me how to get this done. Thanks in advance!
Solved! Go to Solution.
12-23-2019 08:57 PM
12-23-2019 08:57 PM
12-26-2019 08:30 AM
Hi Francesco,
Please see command:
#ip http secure-ciphersuite ?
aes-128-cbc-sha Encryption type tls_rsa_with_aes_cbc_128_sha
ciphersuite
aes-256-cbc-sha Encryption type tls_rsa_with_aes_cbc_256_sha
ciphersuite
dhe-aes-128-cbc-sha Encryption type tls_dhe_rsa_with_aes_128_cbc_sha
ciphersuite
dhe-aes-256-cbc-sha Encryption type tls_dhe_rsa_with_aes_256_cbc_sha
ciphersuite
edche-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha
ciphersuite
edche-rsa-rc4-128-sha Encryption type tls_ecdhe_rsa_rc4_128_sha
ciphersuite
null-sha Encryption type tls_rsa_with_null_sha ciphersuite
AMG-SW(config)#ip http secure-ciphersuite edche-rsa-aes-256-cbc-sha
% Incomplete command.
Also tried the command you gave me, still got some errors:
ip ssh dh min 2048|4096
^
% Invalid input detected at '^' marker.
Thanks in advance!!
12-26-2019 09:20 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: