TLS configuration on AOS-CX

  • 1.  TLS configuration on AOS-CX

    Posted Feb 02, 2024 07:38 AM

    Hello,
    under the old AOS-S you could set the encryption algorithms for the web server via "tls application <application> lowest-version <tls version> cipher <cipher>". But I can't find any options for this purpose in AOS-CX.
    In certain environments, for example, the NIST curves are not desired and TLS 1.3 via x25519 is required. An Nmap scan returns the following configuration:
    PORT    STATE SERVICE
    443/tcp open  https
    | ssl-enum-ciphers: 
    |   TLSv1.2: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |_  least strength: A

    The current TLS 1.3 does not appear to be supported at all.


    Because with SSH you can customise it very well:

    22/tcp open  ssh
    | ssh2-enum-algos: 
    |   kex_algorithms: (2)
    |       curve25519-sha256
    |       curve25519-sha256@libssh.org
    |   server_host_key_algorithms: (1)
    |       ssh-ed25519
    |   encryption_algorithms: (1)
    |       chacha20-poly1305@openssh.com
    |   mac_algorithms: (1)
    |       hmac-sha2-512-etm@openssh.com
    |   compression_algorithms: (1)
    |_      none

    Does anyone here have more information?
    Thank you



  • 2.  RE: TLS configuration on AOS-CX
    Best Answer

    Posted Feb 06, 2024 05:05 AM

    Currently, AOS-CX switches' TLS applications are hard-coded with TLS version 1.2. We do not have support for 1.3 at present.



    ------------------------------
    Shobana
    Aruba
    ------------------------------
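
Since the TLS settings cannot be changed on the switch, the remaining option is to audit what it offers. The following is an added example, not part of either post and not HPE Aruba code: it parses the `ssl-enum-ciphers` output from the first post and checks it against the poster's stated requirement. The function names, the policy constants and the NIST-curve name pattern are assumptions made for illustration.

```python
import re

# Scan output copied from the first post (nmap ssl-enum-ciphers, port 443).
SCAN = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
"""

# Assumed policy, derived from the poster's requirement (TLS 1.3, no NIST curves).
REQUIRED_VERSION = "TLSv1.3"
NIST_CURVE = re.compile(r"(secp|sect|prime)\d+")  # e.g. secp384r1, prime256v1

VERSION_RE = re.compile(r"^(SSLv\d|TLSv\d\.\d):$")
CIPHER_RE = re.compile(r"^(TLS_\S+)\s+\(([^)]+)\)\s+-\s+([A-F])$")


def parse_ssl_enum(text):
    """Return {version: [(cipher, key_exchange_param, grade), ...]}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("|_ \t").strip()  # drop nmap's script-output gutter
        m = VERSION_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = CIPHER_RE.match(line)
        if m and current:
            result[current].append(m.groups())
    return result


def audit(parsed):
    """List every deviation from the assumed policy."""
    findings = []
    if REQUIRED_VERSION not in parsed:
        findings.append(f"{REQUIRED_VERSION} not offered")
    for version, suites in parsed.items():
        for cipher, param, _grade in suites:
            if NIST_CURVE.match(param):
                findings.append(f"{version} {cipher} uses NIST curve {param}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(parse_ssl_enum(SCAN))) or "compliant")
```

Running the same check after each firmware upgrade shows whether the offered versions or curves have changed.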