SSLv2 & Broadcasting AP Name Cisco 5508

Unanswered Question
Apr 10th, 2012
User Badges:

Hi,

We had a pen test completed on our wireless network recently and two elements that came out of it that surprised me were the following:

The guest wireless portal is using SSLv2 and they recommend that we use SSLv3.  I haven't been able to see anywhere if this can be changed or checked for current version.  Is it possible to upgrade?

The second item was with regards the broadcasting of the SSID.  When the SSID is broadcasting the administrative name of the LAP's is visible using wireshark.  Is there a setting to hide these within the controller or is the only option to rename all the LAP's to something simple like AP1?

Cheers

Brian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Brian O'Flynn Tue, 04/10/2012 - 04:11
User Badges:

Sorry, just to add, the version running on the WLC is 7.0.98.0

Stephen Rodriguez Tue, 04/10/2012 - 04:31
User Badges:
  • Purple, 4500 points or more

To enable SSLv3 you set the cipher option to be high


config network secureweb cipher-option high.


You should also be able ti set this from the Management tab


Steve


Sent from Cisco Technical Support iPhone App

Brian O'Flynn Tue, 04/10/2012 - 04:54
User Badges:

That is great thanks Steve.  Couldn't find it from the management tab but cli is grand with me.


Cheers

Brian

Amjad Abdullah Wed, 04/11/2012 - 03:55
User Badges:
  • Red, 2250 points or more

Steve:


Thanks for your useful info as usual.
What you metnioned is not available under the management tab. It is only available form CLI.

It is not mandatory to use "high". you can simply disable SSLv2 to be be able to use only SSLv3 or higher.


Here is the link from config guide: http://tiny.cc/k9jlcw.

But config guide does not make it clear.

It says that disabling SSLv2 will make it only possible to use SSLv3. (it did not mention that the "high" cipher should be enabled).


Brian you may check it if it is going to work if SSLv2 is disabled and "high" is disabled as well. Check please and let us know if it is going to use SSLv3 or you necessarily need to configure the "high" as well.


Amjad

Actions

This Discussion

 

 

Trending Topics - Security & Network