Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2364
Views
0
Helpful
2
Replies

How do I disable Cipher Block Chaining (CBC) encryption for SSH server on Cisco 3560X Switches

Go to solution
yclee88_ncs
Level 1
Level 1

‎03-30-2015 07:46 PM - edited ‎03-07-2019 11:19 PM

Hi, a security audit has found that the SSH server service on our WS-C3560X-48T-L running IOS version 15.0(2)SE5 is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

The advice from auditor is to disable Cipher Block Chaining specifically and then enable CTR or GCM cipher mode encryption - how can this be done? Is it something that can be performed from the IOS command line?  Please advise and thanks in advanced.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎03-31-2015 01:39 AM

I don't think that the 3560X already supports CTR. On the IOS-routers, support was added in IOS 15.4(2)T. Until we have the support in IOS, the SSH-crypto is quite limited.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎03-31-2015 01:39 AM

I don't think that the 3560X already supports CTR. On the IOS-routers, support was added in IOS 15.4(2)T. Until we have the support in IOS, the SSH-crypto is quite limited.

0 Helpful

Go to solution
carlbaca
Level 1
Level 1
In response to Karsten Iwen

‎09-23-2017 10:37 AM

Hi,

I have switches 2960G with this problem. In this case, not is posibble solve the problem?

Thanks

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card