Removing SSLv2 support

Michael986
Level 1

Our SGE2010 switch is accepting connections using SSLv2 (according to the PCI compatibility scanner).

Is there a way to prevent it from accepting / responding to connections using this version of SSL but still allowing connections using SSLv3 or TLS?

If not, can I switch off SSL connections altogether - and if I do this, can I switch it on/off from a telnet session to allow me to switch on the web interface when changes are required?

Thanks

Michael

2 Replies

jasbryan
Level 6

Michael,

Don't think there is a way to disable SSL/HTTPS from accepting requests, but you can look around in lcli - lcli isn't officially supported and there is very little information on the CLI on these switches.

https://supportforums.cisco.com/message/3515143#3515143

Jasbrayn

Thanks for your response Jasbrayn,

However, how would you suggest I go about getting a definitive answer from Cisco on this? The problem is that this device is 'in scope' for our PCI compliance, and accepting connections on SSLv2 is a straightforward 'fail'.

As we only bought this device 6 months ago, I would have thought that (especially with PCI compliance being well established) there would be some way to disable what is, in effect, 10+ year old technology.

Michael