Symptom
The Cisco Nexus 1000 (N1K) Series Switch supports Open Secure Socket Layer (OpenSSL)
Rivest Cipher 4 (RC4) ciphers which are considered less secure than other more modern
encryption algorithms. The N1K needs to remove support for RC4 ciphers or make that support
configurable by the user.
Conditions
The device running with default configuration running an affected version of software.
This was tested via the command ''openssl s_client -connect xxx.xxx.xxx.xxx:443 -cipher RC4''.
Workaround
The client can be configured to not support RC4 ciphers.
Further Problem Description
Please see http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html for further information
on securing your Cisco infrastructure.
PSIRT Evaluation
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
