10-13-2013 08:08 AM - edited 03-07-2019 04:00 PM
Hi,
when i try to use web iterface on 3750 stack it go in stuck (see attached screenshot)
i tried different browser all have the same problem
https and http has the same behaviour so i suspect problem doesn't depend to certificates or security misconfguration
ip http server and http secure server are enabled with local authentication and without ACL
sw-ced.71#sh ip http server status
HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: local
HTTP server access class: 0
HTTP server base path: flash:/c3750e-universalk9-mz.122-55.SE5/html
HTTP server help root:
Maximum number of concurrent server connections allowed: 16
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Maximum number of requests allowed on a connection: 25
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
in attach the output of
dir /recursive flash:
some hints ?
thank you !
10-13-2013 08:22 AM
Hello
sw-ced.71#sh ip http server status
HTTP server status: Disabled
Conf t
Ip http server.
Also you have secure http configured so you need to connect via port 443 https
Res
Paul
Sent from Cisco Technical Support iPad App
10-13-2013 08:25 AM
.. you are absolutely right ... when a i saw that https and http suffered the same issues i disabled http for security reasons .. now only https is enabled ... but if you are some suggestions i can try https or http only inserting "ip http server enable" configuratin command.
THX
10-13-2013 11:05 AM
It appears odd that even though you are running an image that support strong crypto ("k9") that your ciphersuite is only weak ciphers:
3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
I checked one of my 3750X stacks and the same output line indicates
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5
rc4-128-sha aes-128-cbc-sha aes-256-cbc-sha dhe-aes-128-cbc-sha
dhe-aes-256-cbc-sha
Perhaps you can clear the self-signed certificate and rsa keys and regenerate a new self-signed certificate after you create a new strong RSA key (at least 1024 bits).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide