Configure Enhanced Cryptography Mode

A GigaVUE node can be put into enhanced cryptography mode to improve the security of the management interface. In enhanced cryptography mode, weak encryption/decryption and hashing algorithms, used for accessing data and generating keys, are disabled. The enhanced cryptography mode limits the cryptographic algorithms, hashing algorithms, and SSH transport protocols, that are available for use on a GigaVUE node.

The enhanced cryptography mode is disabled. There are two steps to enable it: configuring the mode, and then reloading either the node, if it is standalone, or the cluster, if the node is in a cluster environment.

Note:  Refer to the GigaVUE Release Notes for the latest browser support information for Secure Cryptography Mode.

Enable Enhanced Cryptography Mode

To enable enhanced cryptography mode do the following:

  1. Select Settings > Global Settings > Security.
  2. Click Edit.
  3. On the Edit Security Settings page, select Enhanced Cryptography.
  4. Click Save

If you enable enhanced cryptography, then FIPS mode will be disabled.

Ciphers to Use with Enhanced Cryptography Mode

Use the following ciphers with enhanced cryptography mode:

Secure Cryptography Mode

All Platforms

AES128-CBC

AES256-CBC

Note:  Refer to the GigaVUE Release Notes for the latest cipher support information in Secure Cryptography Mode.

Use the following ciphers with normal (non-secure) cryptography mode:

Normal Cryptography Mode

GVCCV2

Other PowerPC Platforms

Intel Platforms

AES128-CTR AES192-CTR AES256-CTR

AES128-CTR AES192-CTR AES256-CTR

AES128-CTR AES192-CTR AES256-CTR AES128-CBC AES256-CBC

Cryptographic Algorithms

When enhanced cryptography mode is enabled, the cryptographic algorithms are limited as follows:

SSH Host Key Algorithm

SSH Key Exchange

Encryption Algorithms

Hash-based Message

Authentication Code

ECDSA

Diffie-Hellman-group14-sha1

AES128-CBC, AES256-CBC

HMAC-SHA1, HMAC-SHA2-256, HMAC-SHA2-512

Status of Enhanced Cryptography Mode

If enhanced cryptography mode is configured on a GigaVUE node, once the node or cluster has been reloaded, a status is displayed when you log in.