Selecting a cipher suite

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version
88-08-0x
Audience
anonymous
Part Number
MK-97HM85028-11

Cipher suites are part of SSL Version 3 and OSI Transport Layer Security Version 1 Cipher Specifications.
Note: The cipher suites for RSA key exchange used by SSL communication are set to enabled by default.
CAUTION:
  • If you set protocols between the SVP and the storage system, the setting operation on the SVP is also necessary.
  • When the storage system is other than VSP E series, if you select either of the following cipher suites, make sure to enable the cipher suites for RSA key exchange on the SVP.
    • TLS_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_128_CBC_SHA

    If you select not to use both these cipher suites, make sure to disable the cipher suites for RSA key exchange on the SVP.

  • After you select a cipher suite, the available cipher suites differ, depending on the connection path for SSL communications.

You must have the Storage Administrator (View & Modify) role to complete this procedure.

  1. In the maintenance utility Menu navigation tree, click System Management.

  2. Click Select Cipher Suite.
  3. Select the type of communication to use between the management client and the storage system.
    The selections change the encryption level. Higher encryption provides better security but the communication speed is slower. After you select a cipher suite, the available cipher suites differ depending on the connection path for SSL communications.
    • TLS_RSA_WITH_AES_128_CBC_SHA (Prioritize Transmission Speed): This selection provides higher communication speed and lower security.
    • TLS_RSA_WITH_AES_128_CBC_SHA256 (Prioritize Security): This selection provides higher security and lower communication speed.
    If you select either of the following cipher suites, enable the cipher suites for RSA key exchange on the SVP:
    • TLS_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_128_CBC_SHA

    If you do not use either of these cipher suites, disable the cipher suites for RSA key exchange on the SVP.

  4. Click Apply to save the setting and close the dialog box.