How To Disable 3DES Ciphers On The HPE/Aruba 3500yl Switch

By esupport posted Apr 09, 2020 11:49 AM

  
Q:

How can I disable 3DES ciphers on the 3500yl switch?



A:

Most of the current model switches have a "disable" option in the "tls application" context to disable specific ciphers.

For example, current switch models can use the following commands to disable 3DES ciphers:
tls application web-ssl lowest-version <tls1.x> disable ecdhe-rsa-des-cbc3-sha
tls application web-ssl lowest-version <tls1.x> disable des-cbc3-sha

Note that the "disable" option is available in the above commands.

However, some older switches, such as the 3500yl, do not have the "disable" option available.
On those models, the same effect can be achieved by ‘enforcing’ the non-3DES ciphers instead.
This can be configured by executing the commands below:
tls application all lowest-version tls1.2 cipher aes128-sha
tls application all lowest-version tls1.2 cipher aes128-sha256
tls application all lowest-version tls1.2 cipher aes256-sha
tls application all lowest-version tls1.2 cipher aes256-sha256
 
The above commands configure the switch to support only the four ciphers listed above, effectively disabling 3DES ciphers.
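
A saved configuration can be audited offline for either approach described above. This is an added example, not HPE/Aruba code: it assumes the saved config stores the "tls application" lines in the same form as the commands shown here, and the function name `audit_3des` and both sample configs are constructed for illustration.

```python
import re
from collections import defaultdict

# The two command forms shown on this page:
#   tls application <app> lowest-version <ver> cipher|disable <name>
LINE = re.compile(
    r"^\s*tls application (\S+) lowest-version (\S+) (cipher|disable) (\S+)\s*$")
# The two 3DES suite names used in the page's "disable" commands.
TRIPLE_DES = {"des-cbc3-sha", "ecdhe-rsa-des-cbc3-sha"}

def audit_3des(config_text):
    """Map each tls application context to (status, ciphers behind the verdict)."""
    enforced, disabled = defaultdict(set), defaultdict(set)
    for line in config_text.splitlines():
        m = LINE.match(line)
        if m:
            app, _ver, action, cipher = m.groups()
            (enforced if action == "cipher" else disabled)[app].add(cipher.lower())
    report = {}
    for app in sorted(set(enforced) | set(disabled)):
        if enforced[app]:
            # Enforce model: only the listed ciphers are supported.
            bad = enforced[app] & TRIPLE_DES
            report[app] = ("FAIL", sorted(bad)) if bad else ("OK", sorted(enforced[app]))
        else:
            # Disable model: both 3DES suites must be disabled explicitly.
            missing = TRIPLE_DES - disabled[app]
            report[app] = ("FAIL", sorted(missing)) if missing else ("OK", sorted(disabled[app]))
    return report  # empty dict: no cipher policy lines found at all

# Constructed sample configs (assumed saved-config layout, not real switch output).
OLDER_SWITCH = """\
hostname "sw-3500yl"
tls application all lowest-version tls1.2 cipher aes128-sha
tls application all lowest-version tls1.2 cipher aes128-sha256
tls application all lowest-version tls1.2 cipher aes256-sha
tls application all lowest-version tls1.2 cipher aes256-sha256
"""
NEWER_SWITCH_INCOMPLETE = """\
tls application web-ssl lowest-version tls1.2 disable des-cbc3-sha
"""

if __name__ == "__main__":
    for name, cfg in [("older", OLDER_SWITCH), ("newer", NEWER_SWITCH_INCOMPLETE)]:
        print(name, audit_3des(cfg))
```

A "FAIL" entry lists the 3DES suites that are still enforced or not yet disabled for that application context; an empty result means the config contains no cipher policy lines at all.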

 
