We have a lot of Cisco Devices running a fairly recent code (Nexus, IOS, Catalyst). Our Qualys network vulnerability scanner is complaining about deprecated SSH Cryptographic settings and use of diffie-hellman-group1-sha1.
I have verified that the ssh settings on devices is correct and we are using the longest key ( 2048 and 4096 on some devices that support is).
Any Ideas how to deal with this vulnerability in Cisco Infrastructure. We have opened up TAC cased and TAC has confimed that the ssh setting are correct and we are using strong cihers and keys,