create enco key=0 type=rsa length=2048 set system distinguishedname="cn=switch1,o=my_company,c=us" create pki certificate=cer_name keypair=0 serialnumber=12345 subject="cn=172.30.1.105,o=my_company, c=us" add pki certificate=cer_name location=cer_name.cer trust=yes set http server security=on sslkey=0 port=443
It only allows two low-security ciphers which are not supported by any modern browsers (firefox,chrome,ie) anymore. The only browser I found which still does support them is IE6, which is not really an option.
Supported Server Cipher(s): Accepted SSLv3 56 bits DES-CBC-SHA Accepted SSLv3 40 bits EXP-DES-CBC-SHA
How can I configure the http server so it allows better ciphers which are supported by modern browsers?
The manual you linked to says, in part:
A 3DES feature licence is required to use 3DES encryption.
So you can pay for this and get 168-bit 3DES. That’s probably about all you can do, but it really only would buy you a little time.
With a switch of this age, there probably isn’t much else you can do. Keep in mind, also, that there have been many attacks on SSL/TLS in the past few years, and this switch apparently can’t be brought up to date for any of them.
If it were me, I’d leave the web interface turned off, and put the switch on my list of things to be replaced.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.