Configuring cipher suites
You can restrict which cipher suites may be used to comply with your security policies.
Use HNAS console commands to configure cipher suites or to disable cipher suites you do not wish to use.
Procedure
To list the enabled cipher suites, enter:
$ tls-cipher-suite-list
Note: See the Hitachi Unified Storage File Module System Access Guide for directions on how to access the HNAS server CLI.
The enabled and disabled cipher suites are shown.
To list specific cipher suites, enter:
$ tls-cipher-suite-list EXP-RC4-MD5
EXP-RC4-MD5: enabled
The tls-cipher-suite-list command lists all known cipher suites and shows whether each is enabled or disabled.
To disable an enabled cipher suite, enter:
$ tls-cipher-suite-disable --confirm EXP-RC4-MD5
$ tls-cipher-suite-list EXP-RC4-MD5
EXP-RC4-MD5 : disabled
Note: The --confirm option must be included to commit changes and restart the HTTPS server.
To enable a disabled cipher suite, enter:
$ tls-cipher-suite-enable --confirm EXP-RC4-MD5
$ tls-cipher-suite-list EXP-RC4-MD5
EXP-RC4-MD5 : enabled
To reset the cipher suites to the defaults, enter:
$ tls-cipher-suite-default --confirm
Results
When the SSL configuration is changed, or a custom certificate is installed or removed, the HTTPS management server is automatically restarted to ensure that all current and future connections use the certificate and the enabled versions and ciphers. An incorrect configuration can cause the NAS Manager to be unable to communicate with the HTTPS management server. Verify that the NAS Manager can still communicate after the settings have been changed.
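An added example, not from the Hitachi documentation: a Python script that parses captured tls-cipher-suite-list output and reports weak suites that are still enabled, together with the matching disable commands. The full-listing layout (one NAME : state line per suite), the sample listing and the weak-token table are assumptions; only the single-suite output form appears in the procedure.

```python
import re

# Assumption: suites use OpenSSL-style names; these name tokens mark weak primitives.
WEAK_TOKENS = {
    "EXP": "export-grade key length",
    "NULL": "no encryption",
    "ADH": "anonymous key exchange (no authentication)",
    "AECDH": "anonymous key exchange (no authentication)",
    "RC2": "RC2 cipher",
    "RC4": "RC4 stream cipher",
    "DES": "single DES or 3DES",
    "MD5": "MD5 MAC",
}

# Accepts both spacings shown in the procedure: "NAME: enabled" and "NAME : disabled".
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*:\s*(enabled|disabled)\s*$")

def parse_listing(text):
    """Return {suite_name: is_enabled}; prompt lines and unparseable lines are skipped."""
    suites = {}
    for line in text.splitlines():
        if line.lstrip().startswith("$"):
            continue
        m = LINE_RE.match(line)
        if m:
            suites[m.group(1)] = (m.group(2) == "enabled")
    return suites

def weak_reasons(name):
    """Reasons a suite name is considered weak; an empty list means no weak token."""
    return [WEAK_TOKENS[t] for t in name.upper().split("-") if t in WEAK_TOKENS]

def audit(text):
    """Return [(name, reasons)] for weak suites that are still enabled, in listing order."""
    return [(n, weak_reasons(n)) for n, on in parse_listing(text).items()
            if on and weak_reasons(n)]

def disable_commands(text):
    """One console command per finding; each --confirm restarts the HTTPS server."""
    return ["tls-cipher-suite-disable --confirm " + n for n, _ in audit(text)]

# Constructed sample listing, not captured from a real HNAS server.
SAMPLE_LISTING = """$ tls-cipher-suite-list
AES256-SHA : enabled
AES128-SHA: enabled
DES-CBC3-SHA : enabled
RC4-SHA : disabled
EXP-RC4-MD5 : enabled
NULL-MD5 : disabled
"""

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_LISTING):
        print(f"{name}: {', '.join(reasons)}")
    print("\n".join(disable_commands(SAMPLE_LISTING)))
```

Review the generated commands before entering them, and confirm that the NAS Manager can still connect after each change.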