Determine which cipher suites are used by the Proxy HTTPS-Console service.

Article ID: 165654

Products

ProxySG Software - SGOS

Issue/Introduction

The HTTPS-Console management service runs on port 8082 and uses ciphers and hashing algorithms such as SHA and MD5.

By default, the proxy uses both strong and weak ciphers.

Some vulnerability scanners might detect weak ciphers or hashing algorithms in use on the HTTPS-Console service on port 8082.

The requirement is to disable the weak hashing algorithms or ciphers being used.

Resolution

You can run the commands below to select which ciphers you would like to use, or to disable the weak ciphers.

ProxySG#enable
Enable Password:
ProxySG#conf t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)management-services
ProxySG#(config management-services)edit HTTPS-Console
ProxySG#(config HTTPS-Console)attribute cipher-suite

Cipher#  Use        Description            Strength
-------  ---  ---------------------------  --------
      1  yes       TLS_AES_256_GCM_SHA384      High
      2  yes       TLS_AES_128_GCM_SHA256      High
      3  yes  TLS_CHACHA20_POLY1305_SHA256      High
      4  yes     TLS_AES_128_CCM_8_SHA256      High
      5  yes       TLS_AES_128_CCM_SHA256      High
      6  yes  ECDHE-RSA-AES256-GCM-SHA384      High
      7  yes  ECDHE-RSA-AES128-GCM-SHA256      High
      8   no      ECDHE-RSA-AES256-SHA384      High
      9   no      ECDHE-RSA-AES128-SHA256      High
     10   no         ECDHE-RSA-AES256-SHA      High
     11   no         ECDHE-RSA-AES128-SHA      High
     12  yes    DHE-RSA-AES256-GCM-SHA384      High
     13  yes    DHE-RSA-AES128-GCM-SHA256      High
     14   no           DHE-RSA-AES256-SHA      High
     15   no           DHE-RSA-AES128-SHA      High
     16  yes            AES256-GCM-SHA384      High
     17  yes            AES128-GCM-SHA256      High
     18   no                AES256-SHA256      High
     19   no                AES128-SHA256      High
     20   no                   AES256-SHA      High
     21   no                   AES128-SHA      High
     22   no            ECDHE-RSA-RC4-SHA    Medium
     23   no                 DES-CBC3-SHA    Medium
     24   no                      RC4-SHA    Medium
     25   no                      RC4-MD5    Medium

Select cipher numbers to use, separated by commas:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
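Example (enables ciphers 1 through 21, all rated High, and leaves the four Medium-rated ciphers 22 through 25 disabled):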
Select cipher numbers to use, separated by commas: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
  ok
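
Added example, not part of the original article or of the product's tooling: a Python helper that parses a saved copy of the `attribute cipher-suite` listing and builds the number list to enter at the "Select cipher numbers" prompt, keeping only suites rated High that contain no RC4, 3DES or MD5. The function names and the stricter `aead_only` policy are assumptions made for this example; `SAMPLE` is an excerpt of the table above.

```python
import re

# Sample input: an excerpt of the `attribute cipher-suite` listing shown above.
SAMPLE = """\
Cipher#  Use        Description            Strength
      1  yes       TLS_AES_256_GCM_SHA384      High
      7  yes  ECDHE-RSA-AES128-GCM-SHA256      High
     11   no         ECDHE-RSA-AES128-SHA      High
     17  yes            AES128-GCM-SHA256      High
     21   no                   AES128-SHA      High
     22   no            ECDHE-RSA-RC4-SHA    Medium
     23   no                 DES-CBC3-SHA    Medium
     25   no                      RC4-MD5    Medium
"""

ROW = re.compile(r"^\s*(\d+)\s+(yes|no)\s+(\S+)\s+(\w+)\s*$")
WEAK = ("RC4", "DES", "MD5")        # rejected regardless of the Strength label
AEAD = ("GCM", "CCM", "CHACHA20")   # authenticated-encryption modes (assumed stricter policy)

def parse(listing):
    """Return (number, in_use, name, strength) per cipher row; headers and prompts are skipped."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2) == "yes", m.group(3), m.group(4)))
    return rows

def is_weak(name, strength):
    """True when the suite is not rated High or its name contains a weak primitive."""
    return strength != "High" or any(w in name for w in WEAK)

def selection(rows, aead_only=False):
    """Build the comma-separated answer for the 'Select cipher numbers' prompt."""
    keep = []
    for num, _, name, strength in rows:
        if is_weak(name, strength):
            continue
        if aead_only and not any(a in name for a in AEAD):
            continue
        keep.append(str(num))
    return ",".join(keep)

def enabled_weak(rows):
    """Names of suites currently marked 'yes' that the policy above would drop."""
    return [name for _, used, name, strength in rows if used and is_weak(name, strength)]

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("High only  :", selection(rows))
    print("AEAD only  :", selection(rows, aead_only=True))
    print("Weak in use:", enabled_weak(rows))
```

Run it against the full listing captured from the CLI and paste the resulting string at the prompt; a non-empty `enabled_weak` result shows which suites a scanner is likely to flag before the change.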