CLI no working on my USG110, but does on my USG60W Help please

Ncarbon
Ncarbon Posts: 13  Freshman Member
First Comment First Anniversary
edited April 2021 in Security
To remove the use of RC4 and DES ciphers run the following commands:
Router#configure terminal
Router(config)# no ip http secure-server cipher-suite rc4
Router(config)# no ip http secure-server cipher-suite des
Router(config)# show ip http server secure status

this does not seem to work  I end up with 

Router(config)# show ip http server secure status
active               : yes
port                 : 443
certificate          : default
force redirect       : yes
authentication client: no
strong cipher suite  : yes
cipher suite         : rc4 aes des 3des
ssl protocol         : tls1.2

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Ncarbon

    Which version is working on your USG110?

    I tested it in 4.33 C0 version, there is no this problem.


  • Ncarbon
    Ncarbon Posts: 13  Freshman Member
    First Comment First Anniversary
    edited April 2019
    System Name:BFVPN
    Model Name:USG110
    Serial Number:S162L3020XXX
    MAC Address Range:
    Firmware Version:V4.33(AAPH.0) / 2019-01-09 09:35:01

    I can get in with SSH but the commands don'r seem to remove the ciphers

  • Ncarbon
    Ncarbon Posts: 13  Freshman Member
    First Comment First Anniversary
    Router(config)# no ip http secure-server cipher-suite rc4
    Router(config)# show ip http server secure status
    active               : yes
    port                 : 443
    certificate          : default
    force redirect       : yes
    authentication client: no
    strong cipher suite  : yes
    cipher suite         : rc4 aes des 3des
    ssl protocol         : tls1.2
    admin service control:
    No. Zone                 Address                          Action
    ===============================================================================
    user service control:
    No. Zone                 Address                          Action
    ===============================================================================
    1   WAN                  ALL                              deny
    2   LAN1                 ALL                              accept
    Router(config)#

  • Ncarbon
    Ncarbon Posts: 13  Freshman Member
    First Comment First Anniversary
    So I run the configuration however rc4 and des are not removed
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @Ncarbon

    I will send you private message for check this issue more detail.

Security Highlight