weak ssh weak cipher

sulaimangd
Level 1

Hi,

- What are the encryption algorithms supported on the Cisco SG switch series for both SSH and HTTPS?

- How can I enable strong encryption algorithms on Cisco SG switches for both SSL and SSH?

- Is there a way to enable the use of CTR, GCM ciphers on Cisco SG500 switches? I'm trying to get the correct commands.

- Is there a way to only use strong encryption and not the weak ciphers?

 

Thanks in advance

Sulaiman

 

1 Reply

mipopov
Cisco Employee

Hello Sulaiman,

What you need to do is upgrade the switch to a firmware version higher than 1.4.7.06 (just upgrade to the latest, 1.4.9.4):

Here is the link to release notes:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf20x_sg20x/release_notes/R_1_4_7_06_RN.pdf

• Security enhancements:
    - Disabled support for TLS v1.1
    - Disabled support for the following weak SSL ciphers:
           - Cipher suites offering no authentication
           - Cipher suites offering no encryption
           - weak-ciphers below 64 bit
           - cipher suites using DES
           - cipher suites using 3DES
           - cipher suites using RC2
           - cipher suites using RC4
           - cipher suites using MD5
    - SSH enhancements: 
           - Removed support for following weak ciphers: aes256-cbc, arcfour, aes128-cbc, 3des-cbc, and aes192-cbc
           - Added support for following ciphers: aes128-ctr, aes192-ctr, and aes256-ctr
           - Removed MAC hmac-md5

Hope it helps

Cheers, 

Mike
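To confirm after the upgrade that the SSH server no longer offers the algorithms listed as removed in the release notes quoted above, the following added example (not part of the reply and not Cisco code) parses an SSH_MSG_KEXINIT payload per RFC 4253 section 7.1 and reports any removed cipher or MAC still advertised. It assumes the payload was taken from a packet capture of the switch's SSH handshake; the function names are hypothetical and the two sample payloads are constructed, not captured from a real device.

```python
import struct

# Algorithms the quoted release notes list as removed from the SSH server.
REMOVED_CIPHERS = {"aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc", "arcfour"}
REMOVED_MACS = {"hmac-md5"}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (message type byte first) into name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the type byte and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError(f"name-list {field} overruns payload")
        raw = payload[pos:pos + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += length
    return lists

def audit(lists: dict) -> dict:
    """Return the algorithms from the removed lists that are still offered."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return {"ciphers": sorted(ciphers & REMOVED_CIPHERS),
            "macs": sorted(macs & REMOVED_MACS)}

def build_kexinit(**lists) -> bytes:
    """Build a constructed KEXINIT payload for the sample data below."""
    body = b"\x14" + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows + reserved

# Constructed samples (assumed algorithm lists, not captures from a real switch).
OLD = build_kexinit(enc_c2s=["aes128-cbc", "3des-cbc", "aes256-cbc"],
                    enc_s2c=["aes128-cbc", "arcfour"],
                    mac_c2s=["hmac-md5", "hmac-sha1"], mac_s2c=["hmac-sha1"])
NEW = build_kexinit(enc_c2s=["aes128-ctr", "aes192-ctr", "aes256-ctr"],
                    enc_s2c=["aes128-ctr", "aes192-ctr", "aes256-ctr"],
                    mac_c2s=["hmac-sha1"], mac_s2c=["hmac-sha1"])
```

Calling `audit(parse_kexinit(payload))` on a real capture should return empty lists for both keys once the firmware with the SSH enhancements is running.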