Knowledge Doc: [SecureData] How to change the set of ciphers accepted by the appliance

0 Likes

Summary
How do I change the set of ciphers considered as "strong" by the appliance?

Products
Voltage SecureData

Situation
The appliance only accepts connections using a cipher algorithm designated as a "strong" algorithm. This set of algorithms evolves over time, as new algorithms come into use and older ones are discarded. Generally, there should be no need to update the list manually - the appliance team considers whether the list needs to be updated as part of each release. However, for customers with unique needs, or for customers needing to remediate a security warning without upgrading the appliance (or if the remediation is in a yet-to-be-released appliance version), this is how to edit the list.

Resolution
On the management console as the root user, edit the file /opt/vsmgmt/console/config.py.
Find the line that begins STRONG_SSL_CIPHERS=
Edit this line to include the list of ciphers you want the appliance to accept, and save the file.
Restart management console service with command: 'systemctl restart vsmgmt'.

Knowledge Doc Article Link


URL Name
KM000009979

Labels:

Knowledge Docs
Comment List
Related
Recommended