Cisco 2900 IOS with Stronger Cipher Suite

johnlloyd_13
Level 9

Hi,

I'm looking for an IOS upgrade for a 2900 ISR G2 to support TLS 1.2 ciphers.

The last IOS release was 15.7.3M8.

Can someone advise if 15.7.3M8 would support TLS 1.2?

The current HTTP ciphers are the weak 3DES, DES and RC4.

2900#show ip http server all
HTTP server status: Enabled
HTTP server port: 80
HTTP server active supplementary listener ports:
HTTP server authentication method: aaa
HTTP server digest algorithm: md5
HTTP server access class: 10
HTTP server base path:
HTTP server help root:
Maximum number of concurrent server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Maximum number of requests allowed on a connection: 1
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL

2900#conf t
Enter configuration commands, one per line. End with CNTL/Z.
2900(config)#ip http secure-ciphersuite ?
3des-ede-cbc-sha Encryption type ssl_rsa_with_3des_ede_cbc_sha ciphersuite
des-cbc-sha Encryption type ssl_rsa_with_des_cbc_sha ciphersuite
rc4-128-md5 Encryption type ssl_rsa_with_rc4_128_md5 ciphersuite
rc4-128-sha Encryption type ssl_rsa_with_rc4_128_sha ciphersuite

2900(config)#ip http tls-version ?
% Unrecognized command

2900(config)#ip http ?
access-class Restrict http server access by access-class
accounting Set http server accounting parameters
active-session-modules Set up active http server session modules
authentication Set http server authentication method
client Set http client parameters
digest Set http digest parameters
help-path HTML help root URL
max-connections Set maximum number of concurrent http server connections
path Set base path for HTML
port Set http port
secure-active-session-modules Set up active http secure server session modules
secure-ciphersuite Set http secure server ciphersuite
secure-client-auth Set http secure server with client authentication
secure-port Set http secure server port number for listening
secure-server Enable HTTP secure server
secure-trustpoint Set http secure server certificate trustpoint
server Enable http server
session-module-list Set up a http(s) server session module list
timeout-policy Set http server time-out policy parameters

I tried to check in Cisco FN but the 2900 ISR G2 is no longer listed/EoL.
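
Added example (not part of the original posts, and not Cisco code): a small Python audit that parses `show ip http server all` output like the one quoted above and flags the 3DES, DES and RC4 suites plus the cleartext HTTP listener. The names `parse_fields`, `audit` and `WEAK` are hypothetical, and the sample text is constructed from the lines in the post.

```python
# Constructed sample: security-relevant lines from the output quoted in the post.
SAMPLE = """\
HTTP server status: Enabled
HTTP server port: 80
HTTP server digest algorithm: md5
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server trustpoint:
"""

# Cipher keyword (first token of the IOS suite name) -> why it is considered weak.
WEAK = {
    "3des": "3DES (64-bit block)",
    "des": "single DES (56-bit key)",
    "rc4": "RC4 (keystream biases)",
}

def parse_fields(text):
    """Map each 'Name: value' line of the show output to {name: value}."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # prompts and banner lines without a colon are skipped
            fields[name.strip()] = value.strip()
    return fields

def audit(text):
    """Return (check_id, detail) findings for the HTTP/HTTPS server settings."""
    f = parse_fields(text)
    findings = []
    suites = f.get("HTTP secure server ciphersuite", "").split()
    weak = [s for s in suites if s.lower().split("-")[0] in WEAK]
    for s in weak:
        findings.append(("weak-cipher", f"{s}: {WEAK[s.lower().split('-')[0]]}"))
    # HTTPS is on but nothing outside the weak set is offered.
    if f.get("HTTP secure server status") == "Enabled" and suites and len(weak) == len(suites):
        findings.append(("no-strong-suite", "every offered suite is weak"))
    # Management over plain HTTP exposes credentials on the wire.
    if f.get("HTTP server status") == "Enabled":
        findings.append(("cleartext-http", f"plain HTTP on port {f.get('HTTP server port', '?')}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:16} {detail}")
```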

Accepted Solutions

ammahend
VIP

Based on this documentation, it looks like ISR G2 devices support TLS 1.2.

-hope this helps-

johnlloyd_13
Level 9

Thanks for the link/doc!