Security

Hi, we are doing a lot of internal hardening on our devices and such.  Vulnerability scans indicate that our ArubaOS-CX switches have TLS 1.0/1.1 enabled with weak ciphers.  Now I know about disabling cipher suites for SSH which we have done.  The vulnerability scans indicate weak ciphers and TLS 1.0 still being used on port 443.  I can find no commands on ArubaOS-CX to disable TLS 1.0/1.1.  Are there any and I'm just missing it?  

-------------------------------------------

The minimum TLS version that is supported on CX switches v1.2

You can run this command and check. BTW I am running 10.16.1030 firmware version on my CX switch.

Core# sh tls global

Minimum TLS version : 1.2

TLS 1.2 cipher suites from highest to lowest priority :
  State       Cipher Suite
  ----------  ---------------------------------------
  allowed     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  allowed     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  allowed     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  allowed     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  allowed     TLS_RSA_WITH_AES_256_GCM_SHA384
  allowed     TLS_RSA_WITH_AES_128_GCM_SHA256

TLS 1.3 cipher suites from highest to lowest priority :
  State       Cipher Suite
  ----------  -----------------------------
  allowed     TLS_AES_256_GCM_SHA384
  allowed     TLS_AES_128_GCM_SHA256
  allowed     TLS_CHACHA20_POLY1305_SHA256
  allowed     TLS_AES_128_CCM_8_SHA256
  allowed     TLS_AES_128_CCM_SHA256

<removed the rest>
Core#

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------