Wired Intelligent Edge (Campus Switching and Routing)

How To Disable 3DES Ciphers On The HPE/Aruba 3500yl Switch

Q:

How can I disable 3DES ciphers on the 3500yl switch?



A:

Most of the current model switches have a "disable" option in the "tls application" context to disable specific ciphers.

For example, current switch models can use the following commands to disable 3DES ciphers:
tls application web-ssl lowest-version <tls1.x> disable ecdhe-rsa-des-cbc3-sha
tls application web-ssl lowest-version <tls1.x> disable des-cbc3-sha

Note that the "disable" option is available in the above commands.

However, some older switches, such as the 3500yl, do not have the "disable" option available.
To achieve the desired effect of disabling 3DES ciphers on these models, we can instead ‘enforce’ the non-3DES ciphers.
This can be configured by executing the commands below:
tls application all lowest-version tls1.2 cipher aes128-sha
tls application all lowest-version tls1.2 cipher aes128-sha256
tls application all lowest-version tls1.2 cipher aes256-sha
tls application all lowest-version tls1.2 cipher aes256-sha256
 
The above commands configure the switch to support only the four ciphers listed above, effectively disabling 3DES ciphers.
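To confirm the change from a management workstation, the following added example (not part of the original article or of any HPE/Aruba tooling) offers only the two 3DES suites named above to the switch's HTTPS service and reports whether the handshake is refused. The function name `probe_3des` and the address `192.0.2.10` are placeholders chosen for illustration, and the check assumes the web management interface listens on port 443.

```python
import socket
import ssl

# OpenSSL names for the two 3DES suites named in the commands above.
TRIPLE_DES = "DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA"


def probe_3des(host, port=443, timeout=5.0):
    """Offer only 3DES suites and report how the server answers.

    Returns one of:
      "client-cannot-test"  local OpenSSL has no 3DES, so a result would be meaningless
      "unreachable"         the TCP connection failed
      "rejected"            the server refused the 3DES-only handshake (desired)
      "accepted:<suite>"    the server negotiated a 3DES suite (still enabled)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Switch certificates are often self-signed; only the cipher matters here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # TLS 1.3 suites are not controlled by set_ciphers(), so cap at TLS 1.2.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(TRIPLE_DES)
    except ssl.SSLError:
        # Many current OpenSSL builds are compiled without 3DES suites.
        return "client-cannot-test"

    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "accepted:" + tls.cipher()[0]
    except (ssl.SSLError, OSError):
        # Handshake alert or connection reset: no shared cipher.
        return "rejected"
    finally:
        raw.close()


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; substitute the switch management address.
    print(probe_3des("192.0.2.10"))
```

A result of "client-cannot-test" means the workstation's own TLS library cannot offer 3DES, so the probe has to be run from a host whose OpenSSL build still includes those suites.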

 

Version history
Revision #:
1 of 1
Last update:
‎04-09-2020 08:49 AM