How to enable "Secure Web Mode SSL Protocol" on wlc 9800

Print Hello World · ‎03-08-2023

This "config network secureweb cipher-option high enable" command is enable HTTPS on WLC version 8.5.x but i don't know about this commands in WLC 9800

I found a security vulnerability follow detail on below.

- TLS/SSL Weak Message Authentication Code Cipher Suites
- TLS/SSL Server Supports The Use of Static Key Ciphers
- TLS Server Supports TLS version 1.1
- TLS/SSL Server Does Not Support Any Strong Cipher Algorithms

So i need to fix this issue if not upgrade versions. I tried to figure out the details. but not found.

BR.

Mark Elsen · ‎03-08-2023

- Have a look at this document https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9600/software/release/17-6/configuration_guide/sec/b_176_sec_9600_cg/configuring_secure_socket_layer_http.html , I mention it because it refers to IOS-XE which is also used on the 9800 platform , especially look into ip http secure-ciphersuite ? And the subsequent options shown (e.g.) , sorry for font switch , not intended ,

Use this command to check result of config changes on the controller before or adding ciphers e.g : nmap --script ssl-enum-ciphers -p 443 wlc9800

You can configure ip http tls-version TLSv1.3
in the controller configuration (disables TLSv1.1 and 1.2)

M

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '