.. _Web_TLS_cipher_management:

Web TLS Cipher Management
-------------------------

.. index:: web;web ssl
.. index:: web ssl;web ssl cipher

.. _18.1-Patch-Bundle-3|EKB-671:
.. _19.1|EKB-671:

Web TLS ciphers on the VOSS Automate platform can be listed and managed.
This can be done as follows:


* **web ssl cipher list** will list nginx ciphers grouped by status:
  ``disabled``, ``enabled``.

* **web ssl cipher default** will set the default nginx ciphers.
  This command requires the web server to be restarted.

* **web ssl cipher enable <space separated cipher(s)>** will enable the listed nginx ciphers. 
  This command requires the web server to be restarted.

* **web ssl cipher disable <space separated cipher(s)>** will disable the listed nginx ciphers.
  This command  requires the web server to be restarted.



.. note::
   The enabled ciphers cannot *all* be disabled.


Command examples:

* List:
  
  ::
  
     platform@VOSS:~$ web ssl cipher list
         enabled:  
             ECDHE-RSA-AES256-SHA
             ECDHE-ECDSA-AES256-SHA
             SRP-DSS-AES-256-CBC-SHA
             SRP-RSA-AES-256-CBC-SHA
             SRP-AES-256-CBC-SHA
             DHE-RSA-AES256-SHA
             DHE-DSS-AES256-SHA
             DH-RSA-AES256-SHA
             DH-DSS-AES256-SHA
             DHE-RSA-CAMELLIA256-SHA
             DHE-DSS-CAMELLIA256-SHA
         ...
     
  
* Disable:
  
  ::
       
     platform@VOSS:~$ web ssl cipher disable CAMELLIA256-SHA
     Disabling nginx ciphers requires the web server to be restarted.
     Do you wish to continue? y
     
     
     Application services:firewall processes stopped.
     Application nginx processes stopped.
     Reconfiguring applications...
     Application nginx processes started.
         disabled: 
             CAMELLIA256-SHA
         enabled: 
             ECDHE-RSA-AES256-GCM-SHA384
             ECDHE-ECDSA-AES256-GCM-SHA384
             ECDHE-RSA-AES256-SHA384
         ...