10-13-2013 08:08 AM - edited 03-07-2019 04:00 PM
Hi,
when i try to use web iterface on 3750 stack it go in stuck (see attached screenshot)
i tried different browser all have the same problem
https and http has the same behaviour so i suspect problem doesn't depend to certificates or security misconfguration
ip http server and http secure server are enabled with local authentication and without ACL
sw-ced.71#sh ip http server status
HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: local
HTTP server access class: 0
HTTP server base path: flash:/c3750e-universalk9-mz.122-55.SE5/html
HTTP server help root:
Maximum number of concurrent server connections allowed: 16
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Maximum number of requests allowed on a connection: 25
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
in attach the output of
dir /recursive flash:
some hints ?
thank you !
10-13-2013 08:22 AM
Hello
sw-ced.71#sh ip http server status
HTTP server status: Disabled
Conf t
Ip http server.
Also you have secure http configured so you need to connect via port 443 https
Res
Paul
Sent from Cisco Technical Support iPad App
10-13-2013 08:25 AM
.. you are absolutely right ... when a i saw that https and http suffered the same issues i disabled http for security reasons .. now only https is enabled ... but if you are some suggestions i can try https or http only inserting "ip http server enable" configuratin command.
THX
10-13-2013 11:05 AM
It appears odd that even though you are running an image that support strong crypto ("k9") that your ciphersuite is only weak ciphers:
3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
I checked one of my 3750X stacks and the same output line indicates
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5
rc4-128-sha aes-128-cbc-sha aes-256-cbc-sha dhe-aes-128-cbc-sha
dhe-aes-256-cbc-sha
Perhaps you can clear the self-signed certificate and rsa keys and regenerate a new self-signed certificate after you create a new strong RSA key (at least 1024 bits).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: