SSL v2 and weak cypher

I have an RVS4000 updated to firmware v2.0.3.4. When remote access is enabled and a PCI compliance scan is done, it is accepting weak cyphers and SSLv2, which are considered a high security risk. Any thoughts as to how to fix this and still allow remote access?

Currently you accept the following ciphers below 128 bits and the SSLv2 protocol. Please disable the acceptance of ciphers below 128 bits and disable the acceptance of the SSLv2 protocol.

 

  Supported Server Cipher(s):
    Accepted  SSLv2  168 bits  DES-CBC3-MD5
    Accepted  SSLv2  128 bits  IDEA-CBC-MD5
    Accepted  SSLv2  128 bits  RC2-CBC-MD5
    Accepted  SSLv2  128 bits  RC4-MD5
    Accepted  SSLv2   56 bits  DES-CBC-MD5
    Accepted  SSLv2   40 bits  EXP-RC2-CBC-MD5
    Accepted  SSLv2   40 bits  EXP-RC4-MD5
    Accepted  SSLv3   56 bits  DES-CBC-SHA
    Accepted  TLSv1   56 bits  DES-CBC-SHA

  Prefered Server Cipher(s):
    SSLv2  168 bits  DES-CBC3-MD5
    SSLv3  256 bits  AES256-SHA
    TLSv1  256 bits  AES256-SHA

  SSL Certificate:
    Version: 3
    Serial Number: -0
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /CN=Linksys_RVS4000/OU=RVS4000/O=Cisco Systems, Inc/C=US
    Not valid before: Nov 22 17:03:18 2011 GMT
    Not valid after: Nov 19 17:03:18 2021 GMT
    Subject: /CN=Linksys_RVS4000/OU=RVS4000/O=Cisco Systems, Inc/C=US
    Public Key Algorithm: rsaEncryption

 

Thanks,

Dave
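
Added example, not part of the original post and not Cisco or scanner-vendor code: a Python check that parses scan output in the format shown in the post above and lists every accepted cipher that fails the two criteria quoted from the compliance finding (SSLv2 acceptance, ciphers below 128 bits). The sample lines are copied from the post; the function names `find_violations` and `summarize` are hypothetical.

```python
import re

# Sample lines copied from the scan output in the post above.
SCAN_OUTPUT = """\
  Supported Server Cipher(s):
    Accepted  SSLv2  168 bits  DES-CBC3-MD5
    Accepted  SSLv2  128 bits  IDEA-CBC-MD5
    Accepted  SSLv2  128 bits  RC2-CBC-MD5
    Accepted  SSLv2  128 bits  RC4-MD5
    Accepted  SSLv2   56 bits  DES-CBC-MD5
    Accepted  SSLv2   40 bits  EXP-RC2-CBC-MD5
    Accepted  SSLv2   40 bits  EXP-RC4-MD5
    Accepted  SSLv3   56 bits  DES-CBC-SHA
    Accepted  TLSv1   56 bits  DES-CBC-SHA
  Prefered Server Cipher(s):
    SSLv2  168 bits  DES-CBC3-MD5
"""

MIN_BITS = 128  # threshold quoted in the compliance finding
ACCEPTED = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")

def find_violations(text, min_bits=MIN_BITS):
    """Return (protocol, bits, cipher, reasons) for each failing accepted cipher."""
    findings = []
    for line in text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # section headers, preferred-cipher lines, certificate fields
        protocol, bits, cipher = m.group(1), int(m.group(2)), m.group(3)
        reasons = []
        if protocol == "SSLv2":
            reasons.append("SSLv2 protocol")  # fails regardless of cipher strength
        if bits < min_bits:
            reasons.append(f"cipher below {min_bits} bits")
        if reasons:
            findings.append((protocol, bits, cipher, reasons))
    return findings

def summarize(findings):
    """Count findings per reason so a rescan can be compared against this one."""
    counts = {}
    for _, _, _, reasons in findings:
        for reason in reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return counts

if __name__ == "__main__":
    for protocol, bits, cipher, reasons in find_violations(SCAN_OUTPUT):
        print(f"{protocol:6} {bits:3} bits  {cipher:16} -> {', '.join(reasons)}")
```

On the posted output every accepted entry fails at least one criterion: the 168-bit and 128-bit SSLv2 suites fail on protocol alone, and the SSLv3 and TLSv1 DES-CBC-SHA entries fail on cipher strength alone.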

1 ACCEPTED SOLUTION

Same problem with RV320.


3 REPLIES

Unfortunately I was never able to resolve the issue with my Cisco RVS4000. There did not seem to be any way to disable the SSLv2 protocol and the firmware update did not make a difference. I was forced to use a different SOHO router from another manufacturer.

Dave


Hello

  • Per the Cisco RVS4000 product site information, this router has been end of life since January 30, 2010. The last date of support has also already passed: April 30, 2013. This means that, according to Cisco policy, no further updates to the existing firmware will be made, not even security-related fixes. And I am afraid that this is a fact you have to deal with.
  • Regarding the RV320: it seems that there is no possibility to restrict the SSL/TLS protocol/version on your own in the current version. Francis, I would recommend that you open a service request with Cisco SMB Support if you still have a valid support contract. I hope there is a good chance to get it fixed, as this is a security-related inability.

Lastly, for all products (including the RVS4000), I would suggest keeping the management interface of the router as separated as possible, i.e. restrict access to the management interface to a single subnet/host(s) only (via the Firewall feature). Having an administration/management subnet, with certain client(s) that are part of this subnet, can help to avoid eavesdropping on your connection to the router. Of course, disabling remote management is the best thing you can do in any case (including avoiding possible firmware bugs, login attempts and so on).
