How to check if 3750 switch is using sslv3

mahesh18

Hi Everyone,

I am trying to HTTPS to a 3750 switch using Firefox. Below is the error message:

Firefox cannot guarantee the safety of your data on 10.0.0.4 because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_no_cypher_overlap
Learn More…

 

ip http secure-server ---- is configured on 3750.

 

I checked the config on the 3750 switch; it does not show if SSLv3 is enabled.

Is there any command I can use to check the SSL config on the 3750 switch?

Regards

Mahesh


Seb Rupik

Hi Mahesh,

Try running nmap against your switch: http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

nmap --script ssl-enum-ciphers -p 443 <switch_name>

There is an open Cisco bug for this vulnerability:

https://tools.cisco.com/bugsearch/bug/CSCur23656

...which implies that this vulnerability is not fixed in any version of IOS!? If you are concerned, use the CLI and drop the HTTP(S) access.

cheers,

Seb.
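
Added example, not part of the original posts: a small parser for the text output of the `ssl-enum-ciphers` script suggested above, reporting which deprecated protocol versions the device accepted. The sample output is constructed, the function names are this example's own, and it goes slightly beyond the thread by also flagging TLS 1.0 and 1.1 (deprecated by RFC 8996) alongside SSLv3.

```python
import re

# Protocol versions to flag; SSLv3 is the one Firefox rejected in the question.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Constructed sample of `nmap --script ssl-enum-ciphers -p 443 <switch_name>`
# output; not captured from a real device.
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - C
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|_  least strength: C
"""

PROTO_RE = re.compile(r"^\|[ _]\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|[ _]\s+(TLS_\S+|SSL_\S+)\s.*-\s([A-F])\s*$")

def parse_ssl_enum(text):
    """Return {protocol: [(cipher, grade), ...]} from the script's text output."""
    result, current = {}, None
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if m:  # a protocol header such as "|   SSLv3:"
            current = m.group(1)
            result[current] = []
            continue
        m = CIPHER_RE.match(line)
        if m and current:  # a graded cipher line under the current protocol
            result[current].append((m.group(1), m.group(2)))
    return result

def deprecated_protocols(text):
    """Sorted list of deprecated protocol versions the server accepted."""
    return sorted(p for p in parse_ssl_enum(text) if p in DEPRECATED)

if __name__ == "__main__":
    for proto in deprecated_protocols(SAMPLE):
        print(f"{proto} is enabled: disable it or turn off the HTTPS server")
```
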

 

Hi Seb,

 

I have never run nmap before, so I have to ask a few questions.

To run nmap on the switch, can I do this from my PC?

Can it be GUI based or command prompt?

Do I need to download the nmap software first? If yes, from which website should I do this?

 

Regards

Mahesh

Hi Mahesh,

You will need to run nmap from a PC. It is a pretty standard *nix CLI tool, but they have released a GUI for it, zenmap:

http://nmap.org/zenmap/

...which offers all of the functionality and avoids the clunky command prompt if you're a Windows user!

 

Please rate helpful posts.

 

cheers,

Seb.

Hi Seb,

 

I was able to download and run nmap via the GUI version.

It's a pretty good tool for network people to use.

Regards

Mahesh