Configure Enhanced Cryptography Mode
A GigaVUE node can be put into enhanced cryptography mode to improve the security of the management interface. In enhanced cryptography mode, weak encryption/decryption and hashing algorithms, used for accessing data and generating keys, are disabled. The enhanced cryptography mode limits the cryptographic algorithms, hashing algorithms, and SSH transport protocols, that are available for use on a GigaVUE node.
The enhanced cryptography mode is disabled. There are two steps to enable it: configuring the mode, and then reloading either the node, if it is standalone, or the cluster, if the node is in a cluster environment.
Note: Refer to the GigaVUE Release Notes for the latest browser support information for Secure Cryptography Mode.
Enable Enhanced Cryptography Mode
To enable enhanced cryptography mode do the following:
- Select Settings > Global Settings > Security.
- Click Edit.
- On the Edit Security Settings page, select Enhanced Cryptography.
- Click Save
If you enable enhanced cryptography, then FIPS mode will be disabled.
Ciphers to Use with Enhanced Cryptography Mode
Use the following ciphers with enhanced cryptography mode:
|
Secure Cryptography Mode |
||
|
All Platforms |
||
|
AES128-CBC AES256-CBC |
Note: Refer to the GigaVUE Release Notes for the latest cipher support information in Secure Cryptography Mode.
Use the following ciphers with normal (non-secure) cryptography mode:
|
Normal Cryptography Mode |
||
|
GVCCV2 |
Other PowerPC Platforms |
Intel Platforms |
|
AES128-CTR AES192-CTR AES256-CTR |
AES128-CTR AES192-CTR AES256-CTR |
AES128-CTR AES192-CTR AES256-CTR AES128-CBC AES256-CBC |
Cryptographic Algorithms
When enhanced cryptography mode is enabled, the cryptographic algorithms are limited as follows:
|
SSH Host Key Algorithm |
SSH Key Exchange |
Encryption Algorithms |
Hash-based Message Authentication Code |
|
ECDSA |
Diffie-Hellman-group14-sha1 |
AES128-CBC, AES256-CBC |
HMAC-SHA1, HMAC-SHA2-256, HMAC-SHA2-512 |
Status of Enhanced Cryptography Mode
If enhanced cryptography mode is configured on a GigaVUE node, once the node or cluster has been reloaded, a status is displayed when you log in.
