Reporter ignore ssl setting by ssl edit command.
Article ID: 214553
Updated On:
Products
Issue/Introduction
Want to remove cipher by "ssl edit ssl-context default cipher-suites remove"
- dhe-rsa-aes128-sha
- dhe-rsa-aes256-sha
Reporter doesn't return "OK" prompt when modify ssl setting by ssl edit command.
Reporter seems to be ignore ssl edit command.
reporter(config)# ssl edit ssl-context default cipher-suites remove dhe-rsa-aes128-sha
reporter(config)# ssl edit ssl-context default cipher-suites remove dhe-rsa-aes256-sha
reporter(config)#
reporter(config)# exit
reporter# ssl view ssl-context default
Name: default
Keyring: default
CCL: browser-trusted
Protocols: tlsv1.1 tlsv1.2
Cipher suites: ecdhe-rsa-aes256-sha dhe-rsa-aes256-sha aes256-sha256 aes256-sha ecdhe-rsa-aes128-gcm-sha256
ecdhe-rsa-aes128-sha256 ecdhe-rsa-aes128-sha dhe-rsa-aes128-sha aes128-sha256 aes128-sha
How to remove specific cipher suites?
Environment
Release : 10.5.2.2
Component : SSL
Resolution
The old reporter command line has input limitation.
You can remove specific ciphers when move to edit ssl-context mode.
reporter(config)# ssl edit ssl-context default cipher-suites
reporter(config-ssl-context default cipher-suites)#
reporter(config-ssl-context default cipher-suites)# remove dhe-rsa-aes128-sha
ok
reporter(config-ssl-context default cipher-suites)# remove dhe-rsa-aes256-sha
ok
reporter(config-ssl-context default cipher-suites)# exit
reporter(config)# exit
reporter# ssl view ssl-context default
Name: default
Keyring: default
CCL: browser-trusted
Protocols: tlsv1.1 tlsv1.2
Cipher suites: ecdhe-rsa-aes256-sha aes256-sha256 aes256-sha ecdhe-rsa-aes128-gcm-sha256 ecdhe-rsa-aes128-sha256 ecdhe-rsa-aes128-sha aes128-sha256 aes128-sha
Additional Information
The Reporter 10.6.1.1 doesn't has this limitation.
reporter(config)# ssl edit ssl-context default cipher-suites remove dhe-rsa-aes256-sha
ok
reporter(config)#
Feedback
