Configure Enhanced Cryptography Mode
A GigaVUE node can be put into enhanced cryptography mode to improve the security of the management interface. In enhanced cryptography mode, weak encryption/decryption and hashing algorithms used for accessing data and generating keys are disabled. The enhanced cryptography mode limits the cryptographic algorithms, hashing algorithms, and SSH transport protocols that are available for use on a GigaVUE node.
The enhanced cryptography mode is disabled. There are two steps to enable it:
- Configure the mode.
- Reload the node if it is standalone, or the cluster if the node is in a clustered environment.
Note: Refer to the GigaVUE Release Notes for the latest browser support information for Secure Cryptography Mode.
Enable Enhanced Cryptography Mode
To enable enhanced cryptography mode, do the following:
- Select Settings > Global Settings > Security Settings.
- Use the toggle to enable the Secure Cryptography Enhanced option.
- Click Apply to save the configuration.
If you enable enhanced cryptography, the FIPS mode will be disabled.
Ciphers to Use with Enhanced Cryptography Mode
Use the following ciphers with enhanced cryptography mode:
Secure Cryptography Mode

| All Platforms |
| --- |
| AES128-CBC, AES256-CBC |

Note: Refer to the GigaVUE Release Notes for the latest cipher support information in Secure Cryptography Mode.
Use the following ciphers with normal (non-secure) cryptography mode:
Normal Cryptography Mode

| GVCCV2 | Other PowerPC Platforms | Intel Platforms |
| --- | --- | --- |
| AES128-CTR, AES192-CTR, AES256-CTR | AES128-CTR, AES192-CTR, AES256-CTR | AES128-CTR, AES192-CTR, AES256-CTR, AES128-CBC, AES256-CBC |

Cryptographic Algorithms
When enhanced cryptography mode is enabled, the cryptographic algorithms are limited as follows:
| SSH Host Key Algorithm | SSH Key Exchange | Encryption Algorithms | Hash-based Message Authentication Code |
| --- | --- | --- | --- |
| ECDSA | Diffie-Hellman-group14-sha1 | AES128-CBC, AES256-CBC | HMAC-SHA1, HMAC-SHA2-256, HMAC-SHA2-512 |

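The following added example (not Gigamon code) checks whether an SSH client's algorithm preferences can still negotiate a session once the node is limited to the table above, so a management workstation can be verified before the reload. The SSH wire names, the three ECDSA curve names, and both client lists are assumptions constructed for illustration.

```python
# Node side: the enhanced cryptography mode table, in SSH wire-name form.
# The page lists only "ECDSA"; the three nistp curve names are an assumption.
ENHANCED_MODE = {
    "host_key": ["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"],
    "kex": ["diffie-hellman-group14-sha1"],
    "cipher": ["aes128-cbc", "aes256-cbc"],
    "mac": ["hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"],
}


def negotiate(client_prefs, server=ENHANCED_MODE):
    """Return {category: chosen algorithm, or None if there is no overlap}.

    Simplified form of RFC 4253 section 7.1: in each category the first
    algorithm on the client's list that the server also supports is chosen.
    """
    chosen = {}
    for category, offered in server.items():
        prefs = [alg.lower() for alg in client_prefs.get(category, [])]
        chosen[category] = next((alg for alg in prefs if alg in offered), None)
    return chosen


def missing_categories(client_prefs, server=ENHANCED_MODE):
    """Categories in which the client and node share no algorithm."""
    return sorted(c for c, alg in negotiate(client_prefs, server).items() if alg is None)


# Constructed sample: a client that offers no CBC cipher and no group14-sha1.
SAMPLE_MODERN_CLIENT = {
    "host_key": ["ssh-ed25519", "ecdsa-sha2-nistp256", "rsa-sha2-512"],
    "kex": ["curve25519-sha256", "ecdh-sha2-nistp256"],
    "cipher": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-gcm@openssh.com"],
    "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1"],
}

# Constructed sample: the same kind of client with the node's algorithms appended.
SAMPLE_COMPAT_CLIENT = {
    "host_key": ["ssh-ed25519", "ecdsa-sha2-nistp384"],
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha1"],
    "cipher": ["aes256-ctr", "aes256-cbc", "aes128-cbc"],
    "mac": ["hmac-sha2-512", "hmac-sha2-256"],
}

if __name__ == "__main__":
    for name, prefs in (("modern", SAMPLE_MODERN_CLIENT), ("compat", SAMPLE_COMPAT_CLIENT)):
        print(name, negotiate(prefs), "no overlap in:", missing_categories(prefs))
```

To check a real client, replace the sample lists with the algorithms that client is configured to offer, in its preference order.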
Status of Enhanced Cryptography Mode
If enhanced cryptography mode is configured on a GigaVUE node, once the node or cluster has been reloaded, a status is displayed when you log in.