Web TLS Cipher Management
Web TLS ciphers on the VOSS-4-UC platform can be listed and managed. This can be done as follows:
- web ssl cipher list will list nginx ciphers grouped by status: disabled, enabled.
- web ssl cipher default will set the default nginx ciphers. This command requires the web server to be restarted.
- web ssl cipher enable <space separated cipher(s)> will enable the listed nginx ciphers. This command requires the web server to be restarted.
- web ssl cipher disable <space separated cipher(s)> will disable the listed nginx ciphers. This command requires the web server to be restarted.
Note
The enabled ciphers cannot all be disabled.
Command examples:
List:
    platform@VOSS:~$ web ssl cipher list
    enabled:
        ECDHE-RSA-AES256-SHA
        ECDHE-ECDSA-AES256-SHA
        SRP-DSS-AES-256-CBC-SHA
        SRP-RSA-AES-256-CBC-SHA
        SRP-AES-256-CBC-SHA
        DHE-RSA-AES256-SHA
        DHE-DSS-AES256-SHA
        DH-RSA-AES256-SHA
        DH-DSS-AES256-SHA
        DHE-RSA-CAMELLIA256-SHA
        DHE-DSS-CAMELLIA256-SHA
        ...
Disable:
    platform@VOSS:~$ web ssl cipher disable CAMELLIA256-SHA
    Disabling nginx ciphers requires the web server to be restarted.
    Do you wish to continue? y
    Application services:firewall processes stopped.
    Application nginx processes stopped.
    Reconfiguring applications...
    Application nginx processes started.
    disabled:
        CAMELLIA256-SHA
    enabled:
        ECDHE-RSA-AES256-GCM-SHA384
        ECDHE-ECDSA-AES256-GCM-SHA384
        ECDHE-RSA-AES256-SHA384
        ...
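The following is an added example, not part of the VOSS documentation or product: a Python script, run on an administrator workstation, that audits captured `web ssl cipher list` output and builds the matching `web ssl cipher disable` line. It assumes the listing uses `enabled:` / `disabled:` headers followed by OpenSSL TLS 1.2-style cipher names as shown above; the function names, the flagging criteria (no forward secrecy, no AEAD mode) and the sample text are assumptions of this example.

```python
# Added example: audit captured `web ssl cipher list` output (not VOSS code).
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # AEAD modes in OpenSSL cipher names
PFS_PREFIXES = ("ECDHE-", "DHE-")           # ephemeral (forward-secret) key exchange

# Constructed sample, built from cipher names shown on this page.
SAMPLE = """enabled:
    ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA SRP-RSA-AES-256-CBC-SHA
    DH-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA
disabled:
    CAMELLIA256-SHA
"""

def parse_cipher_list(text):
    """Split the listing into {'enabled': [...], 'disabled': [...]}.

    Assumes a token ending in ':' is a status header and every other
    token is a cipher name, so line wrapping does not matter.
    """
    groups, current = {"enabled": [], "disabled": []}, None
    for token in text.split():
        if token.endswith(":"):
            current = token[:-1]
        elif current in groups and token != "...":
            groups[current].append(token)
    return groups

def findings(cipher):
    """Return the reasons a TLS 1.2-style cipher name is worth reviewing."""
    reasons = []
    if not cipher.startswith(PFS_PREFIXES):
        reasons.append("no forward secrecy")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        reasons.append("not an AEAD mode")
    return reasons

def disable_command(text):
    """Build a `web ssl cipher disable` line for flagged enabled ciphers."""
    enabled = parse_cipher_list(text)["enabled"]
    flagged = [c for c in enabled if findings(c)]
    if not flagged:
        return None
    if len(flagged) == len(enabled):
        # Per the Note above, the enabled ciphers cannot all be disabled.
        raise ValueError("every enabled cipher is flagged; enable a stronger one first")
    return "web ssl cipher disable " + " ".join(flagged)

if __name__ == "__main__":
    print(disable_command(SAMPLE))
```

Review the generated line against the TLS clients that must still connect before running it, since the command restarts the web server.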