
Sweet32 Mitigation

Created by dave. Last edited by dave, 3 years and 310 days ago. Viewed 683 times. #2
(2020-01-20)

Problem

CVE-2016-2183 (Sweet32) on ASA.

Solution

For 9.3(2) and higher:

# conf t
(config)# ssl cipher tlsv1 fips
(config)# ssl cipher tlsv1.1 fips
(config)# ssl cipher tlsv1.2 fips
(config)# exit

Prior to 9.3(2):

# conf t
(config)# ssl encryption aes128-sha1 aes256-sha1 dhe-aes256-sha1 dhe-aes128-sha1
(config)# exit

Source

>>Cisco Bug Search

Commentary

Amusingly, this leaves some of the even less-well-protected DES ciphers enabled.
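A way to check a saved configuration against the commands above, as an added example that is not part of the original page: it flags DES/3DES in `ssl encryption` and custom `ssl cipher` lines, and marks named levels such as fips for manual review, because the suites a level expands to are not visible in the configuration text. The function name and the sample configuration are constructed for illustration.

```python
import re

# Sweet32 (CVE-2016-2183) concerns 64-bit block ciphers: DES and 3DES.
# Pre-9.3(2) "ssl encryption" keywords for those ciphers:
LEGACY_64BIT = {"3des-sha1", "des-sha1"}
# OpenSSL-style suite names with a DES component (DES-CBC-SHA, DES-CBC3-SHA).
CUSTOM_64BIT = re.compile(r"(^|-)(3?DES)(-|$)", re.I)

def audit_asa_ssl(config_text):
    """Return (line, verdict, detail) for every SSL cipher line found."""
    findings = []
    for raw in config_text.splitlines():
        # Accept pasted CLI input too by dropping a leading "(config)# " prompt.
        line = re.sub(r"^\S*#\s*", "", raw.strip())
        m = re.match(r"ssl encryption\s+(.+)$", line)
        if m:
            bad = sorted(set(m.group(1).split()) & LEGACY_64BIT)
            findings.append((line, "FAIL" if bad else "OK", bad))
            continue
        m = re.match(r'ssl cipher\s+(\S+)\s+custom\s+"?([^"]+)"?$', line)
        if m:
            bad = [s for s in m.group(2).split(":") if CUSTOM_64BIT.search(s)]
            findings.append((line, "FAIL" if bad else "OK", bad))
            continue
        m = re.match(r"ssl cipher\s+(\S+)\s+(\S+)$", line)
        if m:
            # A named level cannot be judged from the config alone;
            # report it so the enabled suites get checked on the device.
            findings.append((line, "REVIEW", [m.group(2)]))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1
ssl encryption aes128-sha1 aes256-sha1 dhe-aes256-sha1 dhe-aes128-sha1
(config)# ssl cipher tlsv1.2 fips
ssl cipher tlsv1 custom "AES256-SHA:DES-CBC3-SHA"
"""

if __name__ == "__main__":
    for line, verdict, detail in audit_asa_ssl(SAMPLE):
        print(f"{verdict:6} {line}  {detail}")
```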
