Wired Intelligent Edge


Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution

TLS configuration on AOS-CX

  • 1.  TLS configuration on AOS-CX

    Posted 21 days ago

    Under the old AOS-S you could set the encryption algorithms for the web server via "tls application <application> lowest-version <tls version> cipher <cipher>". But I can't find any options for this purpose in AOS-CX.
    Because in certain environments, for example, the NIST curves are not desired and TLS 1.3 via x25519 is required. An Nmap scan returns the following configuration:
    443/tcp open  https
    | ssl-enum-ciphers: 
    |   TLSv1.2: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |_  least strength: A

    The current TLS 1.3 does not appear to be supported at all.

    Because with SSH you can customise it very well:

    22/tcp open  ssh
    | ssh2-enum-algos: 
    |   kex_algorithms: (2)
    |       curve25519-sha256
    |       curve25519-sha256@libssh.org
    |   server_host_key_algorithms: (1)
    |       ssh-ed25519
    |   encryption_algorithms: (1)
    |       chacha20-poly1305@openssh.com
    |   mac_algorithms: (1)
    |       hmac-sha2-512-etm@openssh.com
    |   compression_algorithms: (1)
    |_      none

    Does anyone here have more information?
    Thank you
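
Added example, not part of the original post and not HPE Aruba code: a small audit that parses ssl-enum-ciphers output like the scan quoted above and reports where it misses the policy the post describes (TLS 1.3 required, x25519 only). The names `parse_ssl_enum`, `audit`, `REQUIRED_VERSION` and `ALLOWED_GROUPS` are hypothetical, and the `ecdh_x25519` label is an assumption about how the scanner names that group.

```python
import re

# Constructed sample: the ssl-enum-ciphers output quoted in the post above.
SAMPLE_SCAN = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
"""

# Assumed policy, taken from the post: TLS 1.3 required, no NIST curves.
REQUIRED_VERSION = "TLSv1.3"
ALLOWED_GROUPS = {"x25519", "ecdh_x25519"}  # group labels are an assumption

VERSION_RE = re.compile(r"^\|_?\s+((?:TLSv|SSLv)[\d.]+):$")
CIPHER_RE = re.compile(r"^\|_?\s+(\w+)(?: \(([^)]+)\))? - ([A-F])$")

def parse_ssl_enum(text):
    """Return {version: [(cipher, kex_group, grade), ...]} from script output."""
    offered, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate indented or flattened pastes
        m = VERSION_RE.match(line)
        if m:
            current = m.group(1)
            offered[current] = []
            continue
        m = CIPHER_RE.match(line)
        if m and current:
            offered[current].append(m.groups())
    return offered

def audit(text):
    """List policy findings; an empty list means the scan meets the policy."""
    offered = parse_ssl_enum(text)
    findings = []
    if REQUIRED_VERSION not in offered:
        findings.append(f"{REQUIRED_VERSION} not offered")
    for version, suites in offered.items():
        for cipher, group, _grade in suites:
            if group not in ALLOWED_GROUPS:
                findings.append(f"{version} {cipher}: key exchange group {group}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SCAN)) or "scan meets policy")
```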

  • 2.  RE: TLS configuration on AOS-CX
    Best Answer

    Posted 17 days ago

    Currently, TLS applications on AOS-CX switches are hard-coded with TLS version 1.2. We do not have support for 1.3 at present.