Symptom
HMAC-SHA1 MAC Algorithm is enabled by default and cannot be easily disabled.
Conditions
All Nexus platforms and versions currently available.
Workaround
If HMAC-SHA1 must be disabled please contact Cisco TAC for instructions on how to change it.
Further Problem Description
There are currently no known vulnerabilities with HMAC-SHA1 and it does not need to be disabled.
Some organizations with strong security postures may require it to be disabled regardless.
*PSIRT Evaluation:*
The Cisco PSIRT has evaluated this issue and determined that it does not have a security impact that requires PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html
