Web TLS Cipher Management

Web TLS ciphers on the VOSS Automate platform can be listed and managed. This can be done as follows:

  • web ssl cipher list will list nginx ciphers grouped by status: disabled, enabled.

  • web ssl cipher default will set the default nginx ciphers. This command requires the web server to be restarted.

  • web ssl cipher enable <space separated cipher(s)> will enable the listed nginx ciphers. This command requires the web server to be restarted.

  • web ssl cipher disable <space separated cipher(s)> will disable the listed nginx ciphers. This command requires the web server to be restarted.

Note

The enabled ciphers cannot all be disabled.

Command examples:

  • List:

    platform@VOSS:~$ web ssl cipher list
        enabled:
            ECDHE-RSA-AES256-SHA
            ECDHE-ECDSA-AES256-SHA
            SRP-DSS-AES-256-CBC-SHA
            SRP-RSA-AES-256-CBC-SHA
            SRP-AES-256-CBC-SHA
            DHE-RSA-AES256-SHA
            DHE-DSS-AES256-SHA
            DH-RSA-AES256-SHA
            DH-DSS-AES256-SHA
            DHE-RSA-CAMELLIA256-SHA
            DHE-DSS-CAMELLIA256-SHA
        ...
    
  • Disable:

    platform@VOSS:~$ web ssl cipher disable CAMELLIA256-SHA
    Disabling nginx ciphers requires the web server to be restarted.
    Do you wish to continue? y
    
    
    Application services:firewall processes stopped.
    Application nginx processes stopped.
    Reconfiguring applications...
    Application nginx processes started.
        disabled:
            CAMELLIA256-SHA
        enabled:
            ECDHE-RSA-AES256-GCM-SHA384
            ECDHE-ECDSA-AES256-GCM-SHA384
            ECDHE-RSA-AES256-SHA384
        ...