Is there a way to check the TLS version on a Cisco L3 switch?

DhaneshRaj2706
Level 1

Hello All,

 

We are undergoing a security audit at the moment and the audit requires proof that the network devices are running the latest TLS 1.2 version if applicable.

 

Is there a way to check the TLS version on Cisco switches?

 

Any help would be greatly appreciated.

Accepted Solutions

Seb Rupik
VIP Alumni

Hi there,

Use nmap (or zenmap if using Windows) and run the ssl enumeration script:

nmap --script ssl-enum-ciphers <l3_switch_ip_address>

https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

 

...this will produce an output listing the ciphers available on the switch ordered by TLS version.

 

cheers,

Seb.


4 Replies

Thank you so much, this is all we wanted. :)

sarath92
Level 1

Hi Dhanesh,

 

A simple command: "sh ip http server all" will show you the TLS version. I don't know why Seb asked you to run that zenmap script. Am I missing something, Seb?

Hi there,

@sarath92 

The OP mentioned they were conducting an audit, which typically involves more than one host. Although your command would also show the cipher suite, it would need to be executed on a per-device basis, which is not very scalable. Yes, you could use something like Ansible or Netmiko to execute the script, but both involve additional moving parts.

Using nmap and passing it an IP range as an argument or text file of IP addresses will produce the required information in a single block of output.

 

cheers,

Seb.
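
As an added example (not part of the original thread): when nmap is run against a range or a file of addresses, as described in the reply above, the combined ssl-enum-ciphers output can be reduced to a per-host verdict for the audit. The sample output below is constructed, and the names parse_scan, audit and the TLS 1.2 baseline in ACCEPTED are assumptions of this example.

```python
import re

# Constructed sample of nmap normal output for two hosts; not from a real scan.
SAMPLE = """\
Nmap scan report for 192.0.2.10
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
Nmap scan report for sw2.example.net (192.0.2.11)
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|_  least strength: A
"""

# Host line is either "... for <ip>" or "... for <name> (<ip>)"; keep the IP.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s)]+)\)?")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open")
PROTO_RE = re.compile(r"^\|\s+(SSLv\d|TLSv\d\.\d):\s*$")
ACCEPTED = {"TLSv1.2", "TLSv1.3"}  # assumption: the audit baseline is TLS 1.2 or newer

def parse_scan(text):
    """Map (host, port) -> list of protocol versions the script reported."""
    offered, host, port = {}, None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, port = m.group(1), None
        elif m := PORT_RE.match(line):
            port = int(m.group(1))
            offered[(host, port)] = []
        elif port is not None and (m := PROTO_RE.match(line)):
            offered[(host, port)].append(m.group(1))
    return offered

def audit(offered):
    """Map (host, port) -> (verdict, protocols below the baseline)."""
    report = {}
    for key, protos in offered.items():
        legacy = [p for p in protos if p not in ACCEPTED]
        verdict = "NO-TLS-DATA" if not protos else "FAIL" if legacy else "PASS"
        report[key] = (verdict, legacy)
    return report

if __name__ == "__main__":
    for (host, port), (verdict, legacy) in audit(parse_scan(SAMPLE)).items():
        print(f"{host}:{port} {verdict} {','.join(legacy)}")
```

A host that supports TLS 1.2 but still accepts an older version is reported as FAIL, which is the distinction an auditor usually cares about; an open port with no ssl-enum-ciphers section is reported as NO-TLS-DATA rather than PASS.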