Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1797
Views
0
Helpful
1
Replies

Vulnerabity SHA-1-based Signature

leyakhath muhammed
Level 1
Level 1

‎06-05-2018 07:00 AM - edited ‎03-08-2019 03:15 PM

Hi,

 

     How to fix Vulnerability- SHA-1-based Signature in TLS/SSL Server X.509 Certificate in 2960S

 

The SHA-1 hashing algorithm has known weaknesses that expose it to collision attacks, which may allow an attacker to generate additional X.509 digital certificates with the same signature as an original.

Thanks

Labels:
0 Helpful
1 Reply 1

Georg Pauwen
VIP
VIP

‎06-05-2018 08:51 AM

Hello,

 

to my best knowledge as of now, there is no alternative yet other than to use a higher modulus (4096). Which means the below is the best you do:

 

crypto key generate rsa modulus 4096
ip ssh version 2
ip ssh dh min size 4096

0 Helpful
Customers Also Viewed These Support Documents