Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Dell PowerVault ME5 Series Storage System CLI Reference Guide

PDF

set ciphers

Description

Configures a cipher list that the storage system can use to securely communicate with hosts through HTTPS.

Transport Layer Security (TLS) is used in every browser worldwide to provide secure HTTP (HTTPS) functionality. TLS 1.2 is the most secure version compared to the previous versions.

A cipher suite is a set of algorithms that help secure a network connection that uses TLS. In the TLS handshake, the client communicates the list of cipher suites that it supports to the server. Cipher suites are usually listed from most secure to least secure so that the most secure cipher suite becomes the first choice. The server compares the list of cipher suites that it supports with the list from the client. When the server finds a match, it informs the client and uses the selected cipher suites to establish a secure connection.

The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk encryption algorithm, and a Message Authentication Code (MAC) algorithm. For example, a typical cipher suite is TLS_ECDHE_RSA_WITH_AES_256_ CBC_SHA384, where:

  • TLS indicates the protocol.
  • ECDHE signifies the key exchange algorithm.
  • RSA signifies the authentication algorithm.
  • AES_256_CBC indicates the bulk encryption algorithm.
  • SHA384 indicates the MAC algorithm.

The choice of cipher suites in the TLS connection explain the difference between having a secure connection and one that can be exploited. In order to avoid certain attacks, you may need to disable specific ciphers or entire cipher suites due to security issues.

Each cipher string can be optionally preceded by !, -, or +:

  • If ! is used then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are explicitly stated.
  • If - is used then the ciphers are deleted from the list, but some or all of the ciphers can be added again by later options.
  • If + is used then the ciphers are moved to the end of the list. This option does not add any new ciphers it just moves matching existing ones.

Additionally the cipher string @STRENGTH can be used at any point to sort the current cipher list in order of encryption algorithm key length.

The cipher settings apply to both controller modules.

If you change the cipher list, the command will prompt you to restart both Management Controllers to activate the ciphers. To restart the Management Controllers, use the following command: 
restart mc both full
The change will take effect when the restart is complete.
NOTE:IANA cipher format is not supported.
NOTE:Running the CLI restore defaults command will reset the cipher list to the system default.
Minimum role manage
Syntax set ciphers

list <cipher-string>

Parameters

list <cipher-string>

One or more ciphers separated by colons (with no spaces). Wildcard characters are not supported.
Examples Set the cipher list.

# set ciphers list ALL:!AES128:!AES256:!SHA256:ECDHE-PSK-CAMELLIA127-SHA256:!ADH:@STRENGTH

See also

reset ciphers

show ciphers

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\