Default SSL Configuration
4 SSL_RSA_WITH_RC4_128_MD5—RSA key exchange with RC4 128-bit encryption and MD5 for
message digest
5 SSL_RSA_WITH_RC4_128_SHA—RSA key exchange with RC4 128-bit encryption and SHA for
message digest
6 SSL_RSA_WITH_3DES_EDE_CBC_SHA—RSA key exchange with 3DES and DES-EDE3-CBC for
message encryption and SHA for message digest
7 SSL_RSA_WITH_AES_128_CBC_SHA—RSA key exchange with AES 128-bit encryption and SHA
for message digest (only for SSL 3.0).
8 SSL_RSA_WITH_AES_256_CBC_SHA—RSA key exchange with AES 256-bit encryption and SHA
for message digest (only for SSL 3.0).
9 SSL_RSA_WITH_DHE_AES_128_CBC_SHA—RSA key exchange with AES 128-bit encryption and
SHA for message digest (only for SSL 3.0).
10 SSL_RSA_WITH_DHE_AES_256_CBC_SHA—RSA key exchange with AES 256-bit encryption and
SHA for message digest (only for SSL 3.0).
The latest versions of Chrome do not support the four original cipher suites, thus disallowing access to
Note
both web GUI and guest portals.
RSA (in conjunction with the specified encryption and digest algorithm combinations) is used for both key
generation and authentication on SSL connections. This usage is independent of whether or not a CA trustpoint
is configured.
Default SSL Configuration
The standard HTTP server is enabled.
SSL is enabled.
No CA trustpoints are configured.
No self-signed certificates are generated.
SSL Configuration Guidelines
When SSL is used in a switch cluster, the SSL session terminates at the cluster commander. Cluster member
switches must run standard HTTP.
Before you configure a CA trustpoint, you should ensure that the system clock is set. If the clock is not set,
the certificate is rejected due to an incorrect date.
In a switch stack, the SSL session terminates at the stack master.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
128
Configuring Secure Socket Layer HTTP
OL-29048-01