This command displays and configures the cryptographic settings for the CMM. These settings are required to achieve National Institute of Standards and Technology (NIST) compatibility.
If command syntax is not correctly entered, or if a command fails to run, an error message is returned. See Common errors for a list of error messages that apply to all commands or crypto command errors for a list of error messages that are specific to the crypto command.
For more information about NIST, see Configuring NIST 800-131A compliance.
Function | What it does | Command | Target (see paths in Command targets) |
---|---|---|---|
Display CMM cryptographic settings | Displays the cryptographic settings for the CMM. Return values include the currently selected CMM cipher suite, cryptographic mode, and the cryptographic mode specification version. | crypto | Primary CMM:
|
Set CMM cipher suites | Sets the allowed cipher suites for the primary CMM either
to those defined by the TLS 1.2 specification (effectively limiting
communication to TLS 1.2 only) or to a broader set of cipher suites
that can be used with SSL 3.0, TLS 1.0, TLS 1.1, or TLS 1.2. Important:
Note:
|
crypto
-cs cipher where cipher is:
This command can only be run by users who have one or
more of the following command authorities:
|
Primary CMM:
|
Set CMM cryptographic mode | Sets the cryptographic mode for the primary CMM. Note:
|
crypto
-m mode where mode is:
This command can only be run by users who have one or
more of the following command authorities:
|
Primary CMM:
|
Example:
crypto
crypto -cs tls1.2
crypto -cs legacy
The following example shows the information that is returned from these commands, when they are run using a Telnet connection:
system:mm[1]> crypto -cs legacy -m comp Version: 01.00 system:mm[1]> crypto -cs tls1.2 Affected services will now be restarted. All secure sessions will be closed, and need to be reestablished. OK system:mm[1]> crypto -cs tls1.2 -m comp Version: 01.00 system:mm[1]> crypto -cs legacy Affected services will now be restarted. All secure sessions will be closed, and need to be reestablished. OK system:mm[1]> crypto -cs legacy -m comp Version: 01.00 system:mm[1]>