10-01-2024 08:50 PM - edited 10-01-2024 08:51 PM
Hi,
I'm looking for an IOS upgrade for a 2900 ISR G2 to support TLS 1.2 ciphers.
The last IOS release was 15.7.3M8.
Can someone advise if 15.7.3M8 would support TLS 1.2?
The current HTTP ciphers are the weak 3DES, DES and RC4.
2900#show ip http server all
HTTP server status: Enabled
HTTP server port: 80
HTTP server active supplementary listener ports:
HTTP server authentication method: aaa
HTTP server digest algorithm: md5
HTTP server access class: 10
HTTP server base path:
HTTP server help root:
Maximum number of concurrent server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Maximum number of requests allowed on a connection: 1
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
2900#conf t
Enter configuration commands, one per line. End with CNTL/Z.
2900(config)#ip http secure-ciphersuite ?
3des-ede-cbc-sha Encryption type ssl_rsa_with_3des_ede_cbc_sha ciphersuite
des-cbc-sha Encryption type ssl_rsa_with_des_cbc_sha ciphersuite
rc4-128-md5 Encryption type ssl_rsa_with_rc4_128_md5 ciphersuite
rc4-128-sha Encryption type ssl_rsa_with_rc4_128_sha ciphersuite
2900(config)#ip http tls-version ?
% Unrecognized command
2900(config)#ip http ?
access-class Restrict http server access by access-class
accounting Set http server accounting parameters
active-session-modules Set up active http server session modules
authentication Set http server authentication method
client Set http client parameters
digest Set http digest parameters
help-path HTML help root URL
max-connections Set maximum number of concurrent http server connections
path Set base path for HTML
port Set http port
secure-active-session-modules Set up active http secure server session modules
secure-ciphersuite Set http secure server ciphersuite
secure-client-auth Set http secure server with client authentication
secure-port Set http secure server port number for listening
secure-server Enable HTTP secure server
secure-trustpoint Set http secure server certificate trustpoint
server Enable http server
session-module-list Set up a http(s) server session module list
timeout-policy Set http server time-out policy parameters
I tried to check in Cisco FN, but the 2900 ISR G2 is no longer listed/EoL.
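An added example, not part of the original post: a Python audit of "show ip http server all" output that reports the cleartext listener and every configured ciphersuite built on DES, 3DES, RC4 or MD5. The sample text is a subset of the output above, and the function names are illustrative.

```python
# Name tokens that identify a weak primitive: DES, 3DES and RC4 ciphers, MD5 MAC.
WEAK_TOKENS = {"des": "DES", "3des": "3DES", "rc4": "RC4", "md5": "MD5"}

# Constructed sample: a subset of the "show ip http server all" lines in the post.
SAMPLE = """\
HTTP server status: Enabled
HTTP server port: 80
HTTP server digest algorithm: md5
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server trustpoint:
"""

def parse_http_server(text):
    """Turn 'Key: value' lines into a dict; empty values are kept as ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def weak_suites(fields):
    """Map each configured ciphersuite to the weak primitives its name contains."""
    result = {}
    for suite in fields.get("HTTP secure server ciphersuite", "").split():
        hits = [WEAK_TOKENS[t] for t in suite.split("-") if t in WEAK_TOKENS]
        if hits:
            result[suite] = hits
    return result

def audit(text):
    """Return the list of findings for one device's output."""
    fields = parse_http_server(text)
    findings = []
    if fields.get("HTTP server status") == "Enabled":
        findings.append("cleartext HTTP server enabled on port " + fields.get("HTTP server port", "?"))
    suites = fields.get("HTTP secure server ciphersuite", "").split()
    weak = weak_suites(fields)
    for suite, hits in weak.items():
        findings.append(f"weak ciphersuite {suite}: {'/'.join(hits)}")
    if fields.get("HTTP secure server status") == "Enabled" and suites and len(weak) == len(suites):
        findings.append("HTTPS server offers only weak ciphersuites")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```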
10-01-2024 10:03 PM
Based on this documentation, it looks like ISR G2 devices support TLS 1.2.
10-01-2024 11:13 PM
Thanks for the link/doc!