Configuring cipher suites

Server and Cluster Administration Guide for Hitachi NAS Platform

You can restrict which cipher suites may be used to comply with your security policies.

Use HNAS console commands to configure cipher suites or to disable cipher suites you do not wish to use.

  1. To list the enabled cipher suites, enter:
    $ tls-cipher-suite-list
    Note: See the Hitachi Unified Storage File Module System Access Guide for directions on how to access the HNAS server CLI.
    The enabled and disabled cipher suites are shown.
  2. To list specific cipher suites, enter:
    $ tls-cipher-suite-list EXP-RC4-MD5
    EXP-RC4-MD5 : enabled
    The tls-cipher-suite-list command lists all known cipher suites and shows whether each is enabled or disabled.
  3. To disable an enabled cipher suite, enter:
    $ tls-cipher-suite-disable --confirm EXP-RC4-MD5
    $ tls-cipher-suite-list EXP-RC4-MD5
    EXP-RC4-MD5 : disabled
    Note: The --confirm option must be included to commit changes and restart the HTTPS server.
  4. To enable a disabled cipher suite, enter:
    $ tls-cipher-suite-enable --confirm EXP-RC4-MD5
    $ tls-cipher-suite-list EXP-RC4-MD5
    EXP-RC4-MD5 : enabled
  5. To reset the cipher suites to the defaults, enter:
    $ tls-cipher-suite-default --confirm

When the SSL configuration is changed, or a custom certificate is installed or removed, the HTTPS management server is automatically restarted to ensure that all current and future connections use the certificate and the enabled versions and ciphers. An incorrect configuration can leave the NAS Manager unable to communicate with the HTTPS management server. After changing the settings, verify that the NAS Manager can still communicate with it.
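
The following is an added example, not part of the Hitachi guide: a Python script that audits saved `tls-cipher-suite-list` output for weak suites that are still enabled, prints the matching `tls-cipher-suite-disable` commands, and re-checks a listing captured afterwards. It assumes the full listing uses the same `NAME : state` line format shown above for a single suite; the weak-name tokens are an example policy, and the sample listing is constructed.

```python
import re

# Name fragments treated as weak. Example policy (assumption), not Hitachi's.
WEAK_TOKENS = {"EXP", "NULL", "RC4", "MD5", "DES", "ADH"}

# Assumed line format, taken from the single-suite output: "NAME : enabled"
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*:\s*(enabled|disabled)\s*$")

# Constructed sample listing; names other than EXP-RC4-MD5 are illustrative.
SAMPLE = """\
$ tls-cipher-suite-list
AES256-SHA : enabled
EXP-RC4-MD5 : enabled
DES-CBC3-SHA : disabled
RC4-SHA: enabled
ECDHE-RSA-AES256-GCM-SHA384 : enabled
"""

def parse_listing(text):
    """Map suite name -> True if enabled; prompt and blank lines are skipped."""
    suites = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            suites[m.group(1)] = m.group(2) == "enabled"
    return suites

def weak_enabled(suites):
    """Sorted names of enabled suites whose name contains a weak token."""
    return sorted(
        name for name, enabled in suites.items()
        if enabled and WEAK_TOKENS & set(name.upper().split("-"))
    )

def disable_commands(names):
    """One console command per suite; --confirm commits and restarts HTTPS."""
    return [f"tls-cipher-suite-disable --confirm {n}" for n in names]

def still_enabled(after_text, targets):
    """Check a listing captured after the change; return targets not disabled."""
    after = parse_listing(after_text)
    # A suite missing from the listing counts as unverified, so it is reported.
    return sorted(n for n in targets if after.get(n, True))

if __name__ == "__main__":
    for cmd in disable_commands(weak_enabled(parse_listing(SAMPLE))):
        print(cmd)
```

Because each `--confirm` restarts the HTTPS management server, confirm NAS Manager connectivity after running the generated commands, then pass a fresh listing to `still_enabled` to confirm every targeted suite now reports `disabled`.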