Cisco switch vulnerability


-------------------
SSH Protocol Version 1 Session Key Retrieval

https://community.cisco.com/t5/security-knowledge-base/guide-to-better-ssh-security/ta-p/3133344

(config)#ip ssh version 2

--------------------

SSH Weak Key Exchange Algorithms Enabled


https://community.cisco.com/t5/switching/how-to-disable-ssh-weak-key-exchange-algorithm/td-p/4537520

(config)#ip ssh server algorithm encryption aes256-ctr aes128-ctr

(config)#ip ssh server algorithm mac hmac-sha1

(config)#no ip ssh server algorithm mac hmac-sha1-96

---------------
SSH Weak MAC Algorithms Enabled


https://community.cisco.com/t5/other-security-subjects/ssh-weak-mac-algorithms-enabled/td-p/2972727

(config)#ip ssh server algorithm encryption aes256-ctr aes128-ctr

(config)#ip ssh server algorithm mac hmac-sha1

(config)#no ip ssh server algorithm mac hmac-sha1-96

------------
SSH Server CBC Mode Ciphers Enabled


https://community.cisco.com/t5/switching/to-disable-ssh-server-cbc-mode-ciphers/td-p/2451582

(config)#ip ssh server algorithm encryption aes256-ctr aes128-ctr

-------------
TLS Version 1.0 Protocol Detection
SSL RC4 Cipher Suites Supported (Bar Mitzvah)
SSL Certificate Cannot Be Trusted
SSL Self-Signed Certificate
SSL Weak Cipher Suites Supported
SSL Certificate Expiry
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
SSL Medium Strength Cipher Suites Supported (SWEET32)
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
SSL Certificate Signed Using Weak Hashing Algorithm


(config)#no ip http server
(config)#no ip http secure-server
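
To confirm the fixes above actually landed, the saved output of `show running-config` can be checked offline. The script below is an added example, not part of the original notes: `audit_config` and both sample configs are constructed for illustration, and it assumes the running-config shows these commands in the form they were entered (with the HTTP server disabled as `no ip http server`). It also reports a missing explicit algorithm list, since platform defaults then apply.

```python
import re

# Constructed sample configs (not taken from a real device).
HARDENED_SAMPLE = """\
ip ssh version 2
ip ssh server  algorithm encryption aes256-ctr aes128-ctr
ip ssh server algorithm mac hmac-sha1
no ip http server
no ip http secure-server
"""
WEAK_SAMPLE = """\
ip ssh server algorithm encryption aes128-ctr aes128-cbc 3des-cbc
ip ssh server algorithm mac hmac-sha1 hmac-sha1-96
ip http server
ip http secure-server
"""

def audit_config(text):
    """Return findings; an empty list means every fix from this page is present."""
    # Collapse runs of spaces so lines typed with extra spaces still match.
    lines = [re.sub(r"\s+", " ", ln.strip()) for ln in text.splitlines()]
    findings = []

    def algorithms(kind):
        prefix = f"ip ssh server algorithm {kind} "
        for ln in lines:
            if ln.startswith(prefix):
                return ln[len(prefix):].split()
        return None  # no explicit list: platform defaults apply

    if "ip ssh version 2" not in lines:
        findings.append("ssh-v1: 'ip ssh version 2' not set")
    enc = algorithms("encryption")
    cbc = [a for a in enc or [] if a.endswith("-cbc")]
    if enc is None:
        findings.append("ssh-cipher: encryption list not restricted")
    elif cbc:
        findings.append("ssh-cipher: CBC ciphers enabled: " + " ".join(cbc))
    mac = algorithms("mac")
    truncated = [m for m in mac or [] if m.endswith("-96")]
    if mac is None:
        findings.append("ssh-mac: MAC list not restricted")
    elif truncated:
        findings.append("ssh-mac: truncated MACs enabled: " + " ".join(truncated))
    for svc in ("ip http server", "ip http secure-server"):
        if f"no {svc}" not in lines:
            findings.append(f"http: '{svc}' not explicitly disabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED_SAMPLE), ("weak", WEAK_SAMPLE)):
        print(name, audit_config(cfg) or "OK")
```
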

Reposted from blog.csdn.net/sj349781478/article/details/132695128