Hitachi Vantara Knowledge

Configuring cipher suites

You can restrict which cipher suites may be used to comply with your security policies.

Use HNAS console commands to configure cipher suites or to disable cipher suites you do not wish to use.

Procedure

  1. To list the enabled cipher suites, enter:

    $ tls-cipher-suite-list
    Note: See the Hitachi Unified Storage File Module System Access Guide for directions on how to access the HNAS server CLI.
    The enabled and disabled cipher suites are shown.
  2. To list specific cipher suites, enter:

    $ tls-cipher-suite-list EXP-RC4-MD5
    EXP-RC4-MD5 : enabled
    The tls-cipher-suite-list command lists all known cipher suites and shows whether each is enabled or disabled.
  3. To disable an enabled cipher suite, enter:

    $ tls-cipher-suite-disable --confirm EXP-RC4-MD5
    $ tls-cipher-suite-list EXP-RC4-MD5
    EXP-RC4-MD5 : disabled
    Note: The --confirm option must be included to commit changes and restart the HTTPS server.
  4. To enable a disabled cipher suite, enter:

    $ tls-cipher-suite-enable --confirm EXP-RC4-MD5
    $ tls-cipher-suite-list EXP-RC4-MD5
    EXP-RC4-MD5 : enabled
  5. To reset the cipher suites to the defaults, enter:

    $ tls-cipher-suite-default --confirm

Results

When the SSL configuration is changed, or a custom certificate is installed or removed, the HTTPS management server is automatically restarted to ensure that all current and future connections use the certificate and the enabled versions and ciphers. An incorrect configuration can prevent the NAS Manager from communicating with the HTTPS management server. Verify that the NAS Manager can still communicate after the settings have been changed.
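The following is an added example, not part of the Hitachi documentation: a Python script, run on an admin workstation, that audits saved `tls-cipher-suite-list` output and builds the `tls-cipher-suite-disable` commands for enabled suites that violate policy. It assumes the full listing uses the same `NAME : state` line format shown in the procedure; the weak-component list and the sample output are constructed for illustration.

```python
import re

# Assumed policy (not from the HNAS documentation): OpenSSL-style name
# components that mark export-grade, broken or unauthenticated suites.
WEAK_TOKENS = {"EXP", "NULL", "RC2", "RC4", "DES", "MD5", "ADH", "AECDH"}

# Matches the "NAME : state" form shown on this page; tolerates "NAME: state".
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*:\s*(enabled|disabled)\s*$")

def parse_suite_list(text):
    """Return {suite_name: True if enabled} from saved list output."""
    suites = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip prompts, banners and blank lines
            suites[m.group(1)] = (m.group(2) == "enabled")
    return suites

def weak_enabled(suites):
    """Return [(name, sorted weak tokens)] for enabled suites that violate policy."""
    findings = []
    for name, enabled in sorted(suites.items()):
        hits = sorted(WEAK_TOKENS & set(name.upper().split("-")))
        if enabled and hits:
            findings.append((name, hits))
    return findings

def disable_commands(findings):
    """Build the console commands from this page for each finding."""
    return [f"tls-cipher-suite-disable --confirm {name}" for name, _ in findings]

# Constructed sample output, not captured from a real HNAS server.
SAMPLE = """\
$ tls-cipher-suite-list
AES256-SHA : enabled
DES-CBC3-SHA : enabled
ECDHE-RSA-AES128-GCM-SHA256 : enabled
EXP-RC4-MD5 : enabled
NULL-MD5 : disabled
RC4-SHA: enabled
"""

if __name__ == "__main__":
    for name, hits in weak_enabled(parse_suite_list(SAMPLE)):
        print(f"{name}: weak components {', '.join(hits)}")
    for cmd in disable_commands(weak_enabled(parse_suite_list(SAMPLE))):
        print(cmd)
```

Because each `--confirm` restarts the HTTPS server, review the generated commands before entering them and check NAS Manager connectivity afterwards.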