How to change the Cipher Suites of an NMC3?
Question :
How to change the Cipher Suites of an NMC3
Product Line / Environment :
Network Management Card 3 – AP9640/AP9641/ AP9643 and/or Devices with an embedded Network Management Card 3
Answer :
Users may need to adjust the list of SSL/TLS ciphers in use for NMC web access on the NMC, to comply with local security policies, changes in browser compatibility, or to reflect ever-changing best practices.
The option to enable disable Cipher Suites In NMC3 is only accessible via Console or Command line via FTP , SSH or Terminal Emulator (i.e. Putty, TeraTerm) through a USB Connection. Please refer to the Command Line Interface Guide for Network Management Card 3 for details on how to connect via console.
The command to be used is web with the -cs (meaning Cipher Suite) option. The syntax would be "web -cs <level>" specifying the level changes the tier level of cipher suite that will be used. Value range of 0-4. Omitting level value displays current setting.
NOTE: The -cs option is only applied when minimum protocol is set to TLS v1.2 using the -mp option.
Here are the list of what Ciphers are allowed depending on the security level:
apc>web -cs 4
TLS1.2 Cipher Suite Filter: 4
Accepted Cipher Suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
apc>web -cs 3
TLS1.2 Cipher Suite Filter: 3
Accepted Cipher Suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
apc>web -cs 2
TLS1.2 Cipher Suite Filter: 2
Accepted Cipher Suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
apc>web -cs 1
TLS1.2 Cipher Suite Filter: 1
Accepted Cipher Suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
apc>web -cs 0
TLS1.2 Cipher Suite Filter: 0
Accepted Cipher Suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
Figure 1. Screen shot of the Command Line using Putty to Show how the web -cs command is used
For NMC2 Cards Please Follow FA359198
Should there be any other questions, feel free to reach out to us at 800-800-4272 or our chat support group at APC by Schneider Electric Customer Technical Support
게시 대상: 슈나이더 일렉트릭 Korea
도움이 필요하신가요?
제품 선택기
애플리케이션에 적합한 제품과 액세서리를 빠르고 쉽게 찾을 수 있습니다.
견적 받기
영업 관련하여 온라인으로 문의하시면 전문가가 연락드립니다.
구매처
해당 지역의 가장 가까운 슈나이더 일렉트릭 대리점을 쉽게 찾을 수 있습니다.
지원 센터
한 곳에서 모든 요구 사항에 대한 지원 리소스를 찾아보십시오.