We've Moved! Product Documentation has moved to docs.hitachivantara.com

Configuring cipher suites

Last updated
Save as PDF

You can restrict which cipher suites may be used to comply with your security policies.

Use HNAS console commands to configure cipher suites or to disable cipher suites you do not wish to use.

Procedure

To list the enabled cipher suites, enter:
$ tls-cipher-suite-list
NoteSee the Hitachi Unified Storage File Module System Access Guide for directions on how to access the HNAS server CLI.
The enabled and disabled cipher suites are shown.
To list specific cipher suites, enter:
```
$ tls-cipher-suite-list EXP-RC4-MD5
$ tls-cipher-suite-list EXP-RC4-MD5:  enabled
```
The tls-cipher-suite-list command lists all known cipher suites and shows whether each is enabled or disabled.
To disable an enabled cipher suite, enter:
```
$ tls-cipher-suite-disable --confirm EXP-RC4_MD5
$ tls-cipher-suite-list EXP-RC4-MD5
EXP-RC4-MD5 : disabled
```
NoteThe --confirm option must be included to commit changes and restart the HTTPS server.

To enable a disabled cipher suite, enter:

$ tls-cipher-suite-enable --confirm EXP-RC4_MD5
$ tls-cipher-suite-list EXP-RC4-MD5
EXP-RC4-MD5 : enabled

To reset the cipher suites to the defaults, enter:
```
$ tls-cipher-suite-default --confirm
```

Results

When the SSL configuration is changed, or a custom certificate is installed or removed, the HTTPS management server is automatically restarted to ensure that all current and future connections make use of the certificate, and the enabled versions and ciphers. An incorrect configuration can cause the NAS Manager to be unable to communicate with the HTTPS management server. Verify that the NAS Manager can still communicate after the settings have been changed.

Quick Links