
Diffie-Hellman Key Exchange /Report Weak Cipher Suites

PaoloArnedo
Level 1

Hi Guys, hope someone can help me on this.

I have a Cisco Switch 2960x 48 ports. Our internal monitoring says that I should enable Diffie-Hellman Key Exchange and disable weak cipher suites, but when I tried to enable Diffie-Hellman Key Exchange the command says "incomplete command". Also, the switch has Version 15.2(4r)E3. Can someone help me get this done? Thanks in advance!

Accepted Solutions

Francesco Molino
VIP Alumni
Hi

Can you share commands you tried?

Have you tried the following:
- ip ssh serv alg kex --> then choose the one you want
- ip ssh dh min 2048|4096 (--> choose the one you want)
...



Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi Francesco,

Please see command:

#ip http secure-ciphersuite ?
aes-128-cbc-sha Encryption type tls_rsa_with_aes_cbc_128_sha ciphersuite
aes-256-cbc-sha Encryption type tls_rsa_with_aes_cbc_256_sha ciphersuite
dhe-aes-128-cbc-sha Encryption type tls_dhe_rsa_with_aes_128_cbc_sha ciphersuite
dhe-aes-256-cbc-sha Encryption type tls_dhe_rsa_with_aes_256_cbc_sha ciphersuite
edche-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha ciphersuite
edche-rsa-rc4-128-sha Encryption type tls_ecdhe_rsa_rc4_128_sha ciphersuite
null-sha Encryption type tls_rsa_with_null_sha ciphersuite

AMG-SW(config)#ip http secure-ciphersuite edche-rsa-aes-256-cbc-sha
% Incomplete command.

Also tried the command you gave me, still got some errors:

ip ssh dh min 2048|4096
                       ^
% Invalid input detected at '^' marker.

Thanks in advance!!

I'm not sure. Did you try the commands I gave you? Did it work?

The last command with 2048|4096 is either 2048 or 4096. You don't have to type the 2 numbers with the pipe sign.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
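
The following is an added example, not part of any post in this thread and not Cisco's code: a small Python audit that checks a saved running-config for the two settings discussed above, the SSH Diffie-Hellman minimum size and the HTTPS cipher suite list. It assumes the full command form `ip ssh dh min size <bits>` and a single `ip http secure-ciphersuite` line; the sample config is constructed, and the suite names are the ones from the help output quoted in the thread.

```python
import re

# Constructed running-config excerpt (not from the thread). Suite names are
# taken from the help output quoted above, including its "edche" spelling.
SAMPLE_CONFIG = """\
hostname LAB-SW
ip ssh version 2
ip ssh dh min size 1024
ip http secure-server
ip http secure-ciphersuite aes-128-cbc-sha dhe-aes-256-cbc-sha edche-rsa-rc4-128-sha null-sha
"""

MIN_DH_BITS = 2048  # the smaller of the two sizes suggested in the answer


def suite_problems(name):
    """Return the reasons a suite name from the help output is undesirable."""
    reasons = []
    if "null" in name:
        reasons.append("no encryption")
    if "rc4" in name:
        reasons.append("RC4 stream cipher")
    # Names without a dhe/ecdhe prefix map to tls_rsa_with_* (no DH exchange).
    if not re.match(r"(dhe|ecdhe|edche)-", name):
        reasons.append("no Diffie-Hellman key exchange")
    return reasons


def audit(config):
    """Return a list of (setting, finding) tuples for one config text."""
    findings = []
    dh = re.search(r"^ip ssh dh min size (\d+)\s*$", config, re.M)
    if dh is None:
        findings.append(("ip ssh dh min size", "not set explicitly"))
    elif int(dh.group(1)) < MIN_DH_BITS:
        findings.append(("ip ssh dh min size", f"{dh.group(1)} < {MIN_DH_BITS}"))
    suites = re.search(r"^ip http secure-ciphersuite (.+)$", config, re.M)
    if suites is None:
        findings.append(("ip http secure-ciphersuite", "no explicit suite list"))
    else:
        for name in suites.group(1).split():
            for reason in suite_problems(name):
                findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for setting, finding in audit(SAMPLE_CONFIG):
        print(f"{setting}: {finding}")
```
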