sulaimangd
Beginner

weak ssh weak cipher

Hi,

- What are the encryption algorithms supported on the Cisco SG switch series for both SSH and HTTPS?

- How can I enable strong encryption algorithms on Cisco SG switches for both SSL and SSH?

- Is there a way to enable the use of CTR and GCM ciphers on Cisco SG500 switches? I'm trying to get the correct commands.

- Is there a way to use only strong encryption and not the weak ciphers?

 

Thanks in advance

Sulaiman

 

1 REPLY 1
mipopov
Cisco Employee

Hello Sulaiman,

What you need to do is upgrade the switch to a firmware version higher than 1.4.7.06 (just upgrade to the latest, 1.4.9.4):

Here is the link to release notes:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf20x_sg20x/release_notes/R_1_4_7_06_RN.pdf

• Security enhancements:
    - Disabled support for TLS v1.1
    - Disabled support for the following weak SSL ciphers:
           - Cipher suites offering no authentication
           - Cipher suites offering no encryption
           - weak-ciphers below 64 bit
           - cipher suites using DES
           - cipher suites using 3DES
           - cipher suites using RC2
           - cipher suites using RC4
           - cipher suites using MD5
    - SSH enhancements: 
           - Removed support for following weak ciphers: aes256-cbc, arcfour, aes128-cbc, 3des-cbc, and aes192-cbc
           - Added support for following ciphers: aes128-ctr, aes192-ctr, and aes256-ctr
           - Removed MAC hmac-md5

Hope it helps

Cheers, 

Mike
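To confirm the upgrade took effect, the switch's SSH offer can be checked against the release-note lists quoted in the reply. The following is an added example, not part of the original thread and not Cisco code: it parses an SSH_MSG_KEXINIT payload (RFC 4253) and reports removed algorithms that are still offered. The function names and the two sample payloads are constructed for illustration; the sample key-exchange, host-key and `hmac-sha1` values are assumptions, not taken from a real switch.

```python
import struct

# Taken from the release notes quoted above.
REMOVED_CIPHERS = {"aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc", "arcfour"}
REMOVED_MACS = {"hmac-md5"}
ADDED_CIPHERS = {"aes128-ctr", "aes192-ctr", "aes256-ctr"}
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (type byte 20, 16-byte cookie, name-lists)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + size].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += size
    return out

def audit(algos: dict) -> dict:
    """Report removed algorithms still offered and CTR ciphers not offered."""
    ciphers = set(algos["enc_c2s"]) | set(algos["enc_s2c"])
    macs = set(algos["mac_c2s"]) | set(algos["mac_s2c"])
    return {"weak_ciphers": sorted(ciphers & REMOVED_CIPHERS),
            "weak_macs": sorted(macs & REMOVED_MACS),
            "missing_ctr": sorted(ADDED_CIPHERS - ciphers)}

def build_kexinit(enc: list, mac: list) -> bytes:
    """Build a constructed payload for the samples (not captured from a switch)."""
    lists = {"kex": ["diffie-hellman-group14-sha1"], "host_key": ["ssh-rsa"],
             "enc_c2s": enc, "enc_s2c": enc, "mac_c2s": mac, "mac_s2c": mac}
    body = b"\x14" + bytes(16)
    for name in FIELDS:
        names = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows, reserved

# Constructed offers: one with the removed algorithms, one matching the release notes.
OLD = build_kexinit(["aes128-cbc", "3des-cbc", "arcfour", "aes256-cbc"], ["hmac-md5", "hmac-sha1"])
NEW = build_kexinit(sorted(ADDED_CIPHERS), ["hmac-sha1"])
```

In practice the payload would come from the switch's first key-exchange packet, for example exported from a packet capture of a management SSH session; an empty `weak_ciphers` and `weak_macs` result is what the upgraded firmware should produce.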