Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
keystroke13
New Contributor
‎10-02-2012 04:19 PM

Disable Weak Ciphers

Jump to solution

We are currently running AOS version 18.02.03.00.E on a NetVanta 1300 Series access router. Is there a way to disable all weak ciphers when allowing HTTPS access to the internal web server/GUI? The device allows for DES 56-bit key (DES-CBC-SHA) which is now considered to be insecure.

Labels (1)
0 Kudos
Reply
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎10-04-2012 09:14 AM

Re: Disable Weak Ciphers

Jump to solution

Yes, you can disable it using the http secure-ciphersuite commands.

E.g.:

BT_900E(config)#do sho run ver | inc cipher

http secure-ciphersuite dhe-rsa-aes256-sha

http secure-ciphersuite aes256-sha

http secure-ciphersuite edh-rsa-des-cbc3-sha

http secure-ciphersuite des-cbc3-sha

http secure-ciphersuite des-cbc3-md5

http secure-ciphersuite dhe-rsa-aes128-sha

http secure-ciphersuite aes128-sha

http secure-ciphersuite rc4-sha

http secure-ciphersuite rc4-md5

http secure-ciphersuite edh-rsa-des-cbc-sha

http secure-ciphersuite des-cbc-sha

http secure-ciphersuite des-cbc-md5

BT_900E(config)#no http secure-ciphersuite des-cbc-sha

BT_900E(config)#

Hope this helps,

Brett

View solution in original post

0 Kudos
Reply
3 Replies
Anonymous
Not applicable
‎10-04-2012 09:14 AM

Re: Disable Weak Ciphers

Jump to solution

Yes, you can disable it using the http secure-ciphersuite commands.

E.g.:

BT_900E(config)#do sho run ver | inc cipher

http secure-ciphersuite dhe-rsa-aes256-sha

http secure-ciphersuite aes256-sha

http secure-ciphersuite edh-rsa-des-cbc3-sha

http secure-ciphersuite des-cbc3-sha

http secure-ciphersuite des-cbc3-md5

http secure-ciphersuite dhe-rsa-aes128-sha

http secure-ciphersuite aes128-sha

http secure-ciphersuite rc4-sha

http secure-ciphersuite rc4-md5

http secure-ciphersuite edh-rsa-des-cbc-sha

http secure-ciphersuite des-cbc-sha

http secure-ciphersuite des-cbc-md5

BT_900E(config)#no http secure-ciphersuite des-cbc-sha

BT_900E(config)#

Hope this helps,

Brett

0 Kudos
Reply
Anonymous
Not applicable
‎01-24-2013 04:42 PM

Re: Disable Weak Ciphers

Jump to solution

:

I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

Levi

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎02-18-2013 04:29 PM

Re: Disable Weak Ciphers

Jump to solution

:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi

0 Kudos
Accept as Solution Reply