03-30-2015 07:46 PM - edited 03-07-2019 11:19 PM
Hi, a security audit has found that the SSH server service on our WS-C3560X-48T-L running IOS version 15.0(2)SE5 is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
The advice from auditor is to disable Cipher Block Chaining specifically and then enable CTR or GCM cipher mode encryption - how can this be done? Is it something that can be performed from the IOS command line? Please advise and thanks in advanced.
Solved! Go to Solution.
03-31-2015 01:39 AM
I don't think that the 3560X already supports CTR. On the IOS-routers, support was added in IOS 15.4(2)T. Until we have the support in IOS, the SSH-crypto is quite limited.
03-31-2015 01:39 AM
I don't think that the 3560X already supports CTR. On the IOS-routers, support was added in IOS 15.4(2)T. Until we have the support in IOS, the SSH-crypto is quite limited.
09-23-2017 10:37 AM
Hi,
I have switches 2960G with this problem. In this case, not is posibble solve the problem?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide