Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1057
Views
0
Helpful
3
Replies

HTTP/HTTPS problems 3750X

gdelpanta
Level 1
Level 1

‎10-13-2013 08:08 AM - edited ‎03-07-2019 04:00 PM

Hi,

when i try to use web iterface on 3750 stack it go in stuck (see attached screenshot)

img-2013-10-13-2.jpg

i tried different browser all have the same problem

https and http has the same behaviour so i suspect problem doesn't depend to certificates or security misconfguration

ip http server and http secure server are enabled with local authentication and without ACL

sw-ced.71#sh ip http server status

HTTP server status: Disabled

HTTP server port: 80

HTTP server authentication method: local

HTTP server access class: 0

HTTP server base path: flash:/c3750e-universalk9-mz.122-55.SE5/html

HTTP server help root:

Maximum number of concurrent server connections allowed: 16

Server idle time-out: 180 seconds

Server life time-out: 180 seconds

Maximum number of requests allowed on a connection: 25

HTTP server active session modules: ALL

HTTP secure server capability: Present

HTTP secure server status: Enabled

HTTP secure server port: 443

HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha

HTTP secure server client authentication: Disabled

HTTP secure server trustpoint:

HTTP secure server active session modules: ALL

                  

in attach the output of

dir /recursive flash:

some hints ?

thank you !

Labels:
15369072-dir.txt.zip
0 Helpful
3 Replies 3

paul driver
VIP
VIP

‎10-13-2013 08:22 AM

Hello

sw-ced.71#sh ip http server status
HTTP server status: Disabled

Conf t
Ip http server.

Also you have secure http configured so you need to connect via port 443 https

Res
Paul

Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

gdelpanta
Level 1
Level 1
In response to paul driver

‎10-13-2013 08:25 AM

.. you are absolutely right ... when a i saw that https and http suffered the same issues i disabled http for security reasons .. now only https is enabled ... but if you are some suggestions i can try https or http only inserting "ip http server enable" configuratin command.

THX

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to gdelpanta

‎10-13-2013 11:05 AM

It appears odd that even though you are running an image that support strong crypto ("k9")  that your ciphersuite is only weak ciphers:

3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha

I checked one of my 3750X stacks and the same output line indicates

HTTP secure server ciphersuite:  3des-ede-cbc-sha des-cbc-sha rc4-128-md5

        rc4-128-sha aes-128-cbc-sha aes-256-cbc-sha dhe-aes-128-cbc-sha

        dhe-aes-256-cbc-sha

Perhaps you can clear the self-signed certificate and rsa keys and regenerate a new self-signed certificate after you create a new strong RSA key (at least 1024 bits).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card