What's New in Software for Cisco IOS XE Dublin 17.11.1a
Feature | Description |
---|---|
Software Activation |
|
License snapshot won’t be generated starting from this release and the software relies only on the existing snapshot for any PAK license information. |
|
Strong Crypto Algorithms |
|
Strong Crypto Algorithms |
We strongly recommend stronger cryptographic algorithms instead of weak cryptographic algorithms, such as RSA keys of less than 2048 bits, MD5 for authentication, DES, and 3DES for encryption. Soon, such weak algorithms will no longer be allowed by default. An explicit configuration is required to continue using such weak algorithms. For SNMP v3 users with weak cryptographic properties, the SNMP operations to the device will fail, resulting in loss of management access to device through SNMP. Similarly, if the RSA key pair is not updated to be at least 2048 bits for SSH, the SSH server will be disabled, resulting in loss of remote access to the device through SSH. For more information on how to migrate to stronger cryptographic algorithms for SNMP, see the Field Notice Number: FN72509. For more information on how to migrate to stronger cryptographic algorithms for SSH, see Field Notice Number: FN72511. |