Disabling ciphers.

Article ID: 374070


Updated On:

Products

SV-1800 SSL Visibility Appliance Software

Issue/Introduction

A remote SSH server is configured to allow key exchange algorithms that are considered weak. This finding is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH), draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

    • diffie-hellman-group-exchange-sha1
    • diffie-hellman-group1-sha1
    • gss-gex-sha1-*
    • gss-group1-sha1-*
    • gss-group14-sha1-*

How can these ciphers be disabled on the appliance, given that the currently installed version is 4.5.6.1-262238, on SV800-250M-C?

Environment

SV-1800/SV-3800

Resolution

To disable ciphers in the SSL Visibility appliance, you will first have to upgrade to version 4.5.11.1 or above. Then:

  1. Log in to the SSLV using SSH.
  2. Enter the elevated privilege mode, known as enable mode. You will be prompted to enter the enable password.

    Syntax:
    > enable

    Notes:

    • When enable mode is turned on, the prompt changes from > to #.

    • To return to standard mode, use the disable command.

  3. Type ssh-console cipher?

  4. Use the "view" sub command to view the existing ciphers.

  5. Use the "remove" sub command to remove the ciphers that are not needed. Please see the snippet below for a sample.

Note: The "ssh-console" command may not exist in lower SSLV versions, such as 4.5.6.x.
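
To confirm from a client that the appliance no longer offers the key exchange methods listed in the Issue section, the following added example (not part of the original article and not vendor code) parses the debug output of an OpenSSH client. It assumes the `debug2:` line format printed by `ssh -vv`; the host name in the usage comment is a placeholder and the sample output is constructed.

```shell
#!/bin/sh
# Added example: flag the weak SSH key exchange methods named in the article
# in the server proposal shown by `ssh -vv`.
# Real use (placeholder host):
#   ssh -vv -o BatchMode=yes -o ConnectTimeout=5 admin@sslv.example.net exit 2>&1 | weak_kex

# Print the server's KEX methods, one per line. The client's own proposal,
# which appears first in the debug output, is skipped.
server_kex() {
  awk '
    /peer server KEXINIT proposal/ { in_peer = 1; next }
    in_peer && /KEX algorithms:/ {
      sub(/.*KEX algorithms: */, ""); gsub(/\r/, "")
      n = split($0, a, ",")
      for (i = 1; i <= n; i++) print a[i]
      exit
    }'
}

# Read `ssh -vv` output on stdin and print each weak method offered.
# Exit status: 0 = none offered, 1 = weak method offered,
# 2 = no server proposal seen (connection failed or unexpected format).
weak_kex() {
  server_kex | (
    seen=0 found=0
    while IFS= read -r alg; do
      seen=1
      case "$alg" in
        diffie-hellman-group-exchange-sha1|diffie-hellman-group1-sha1|\
        gss-gex-sha1-*|gss-group1-sha1-*|gss-group14-sha1-*)
          printf '%s\n' "$alg"; found=1 ;;
      esac
    done
    [ "$seen" -eq 1 ] || exit 2
    exit "$found"
  )
}

# Constructed sample of `ssh -vv` output, not captured from a real appliance.
SAMPLE_DEBUG='debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: rsa-sha2-512'

printf '%s\n' "$SAMPLE_DEBUG" | weak_kex || echo "check result: status $?" >&2
```

Run it before and after step 5; a status of 0 means none of the listed methods is offered, and a status of 2 means the check itself did not see a server proposal.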