Web TLS Cipher Management

Web TLS ciphers on the VOSS Automate platform can be listed and managed. This can be done as follows:

• web ssl cipher list will list nginx ciphers grouped by status: disabled, enabled.

• web ssl cipher default will set the default nginx ciphers. This command requires the web server to be restarted.

• web ssl cipher enable <space separated cipher(s)> will enable the listed nginx ciphers. This command requires the web server to be restarted.

• web ssl cipher disable <space separated cipher(s)> will disable the listed nginx ciphers. This command requires the web server to be restarted.

Note

The enabled ciphers cannot all be disabled.

Command examples:

• List:

  platform@VOSS:~$ web ssl cipher list
      enabled:
          ECDHE-RSA-AES256-SHA
          ECDHE-ECDSA-AES256-SHA
          SRP-DSS-AES-256-CBC-SHA
          SRP-RSA-AES-256-CBC-SHA
          SRP-AES-256-CBC-SHA
          DHE-RSA-AES256-SHA
          DHE-DSS-AES256-SHA
          DH-RSA-AES256-SHA
          DH-DSS-AES256-SHA
          DHE-RSA-CAMELLIA256-SHA
          DHE-DSS-CAMELLIA256-SHA
      ...
  

• Disable:

  platform@VOSS:~$ web ssl cipher disable CAMELLIA256-SHA
  Disabling nginx ciphers requires the web server to be restarted.
  Do you wish to continue? y
  
  
  Application services:firewall processes stopped.
  Application nginx processes stopped.
  Reconfiguring applications...
  Application nginx processes started.
      disabled:
          CAMELLIA256-SHA
      enabled:
          ECDHE-RSA-AES256-GCM-SHA384
          ECDHE-ECDSA-AES256-GCM-SHA384
          ECDHE-RSA-AES256-SHA384
      ...