Reference Guide
Default_cc
/************************************************************************
* Brocade - Common Criteria (CC) Template for Security Crypto Configuration
*
* Desc:
*
* Default values for security crypto configurations for CC compliance
*
*************************************************************************/
[Ver] 0.1
/*
* Group : SSH
* Rules : Comma Separated
* Example : aes128-ctr,aes192-ctr -> Note, no space before and after comma.
* Valid options: Kex, Mac, Enc
*/
[SSH]
Enc:aes128-cbc,aes256-cbc
Kex:diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Mac:hmac-sha1,hmac-sha2-256,hmac-sha2-512
/*
* Group : AAA
* Rules : Textual openssl cipherlist (colon,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: RAD_Ciphers, LDAP_Ciphers
*/
[AAA]
RAD_Ciphers:!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3
LDAP_Ciphers:!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3
/*
* Group : HTTPS
* Rules : Textual openssl cipherlist (colon,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: Ciphers
*/
[HTTPS]
Ciphers:!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!3DES:!DES
Configuring the ciphers, KEX, and MAC algorithms
Starting with Fabric OS 7.4.0, you can configure the ciphers, key exchange (KEX), and message authentication code (MAC) algorithms
dictated by your security policies.
1. To configure the ciphers, KEX, and MAC algorithms for SSH, use the secCryptoCfg command.
secCryptoCfg --replace -type SSH [-cipher cipher string|-kex value|-mac value] -force
The following example configures the ciphers, KEX, and MAC algorithms.
secCryptoCfg --replace -type SSH -cipher 3des-cbc,aes128-cbc,aes192-cbc -kex diffie-hellman-group-exchange-sha1 -mac hmac-sha2-256
To enforce the default algorithm, use the following command.
secCryptoCfg --default -type SSH -force
2. To display the configured algorithm, use the following command.
secCryptoCfg --show
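The template rules in the Default_cc comments and the --replace syntax in step 1 can be checked mechanically before a change is applied. The following Python is an added example, not Brocade code: it lints a template against the rules stated in its own comments and renders the matching secCryptoCfg line. The function names, the sample text, and the mapping of the template keys Enc/Kex/Mac to -cipher/-kex/-mac are assumptions.

```python
import re

# Valid option names per group, taken from the template's own comments.
VALID_OPTIONS = {"SSH": {"Enc", "Kex", "Mac"},
                 "AAA": {"RAD_Ciphers", "LDAP_Ciphers"},
                 "HTTPS": {"Ciphers"}}

# Constructed sample with two broken lines: space after a comma, misspelled option.
SAMPLE = """\
/* constructed sample, not a shipped template */
[Ver] 0.1
[SSH]
Enc:aes128-cbc,aes256-cbc
Kex:diffie-hellman-group14-sha1, ecdh-sha2-nistp256
Mac:hmac-sha1,hmac-sha2-256,hmac-sha2-512
[HTTPS]
Cipher:!ECDH:!DH:HIGH
"""

def parse_template(text):
    """Return ({group: {option: value}}, [problems]) for a template."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ comments
    groups, problems, current = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("[Ver]"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            if current not in VALID_OPTIONS:
                problems.append(f"unknown group [{current}]")
            groups.setdefault(current, {})
            continue
        option, _, value = line.partition(":")
        if option not in VALID_OPTIONS.get(current, ()):
            problems.append(f"[{current}] invalid option {option!r}")
        elif current == "SSH" and not re.fullmatch(r"[^\s,]+(,[^\s,]+)*", value):
            problems.append(f"[SSH] {option}: not a space-free comma list")
        else:
            groups[current][option] = value
    return groups, problems

def ssh_replace_command(groups):
    """Build the secCryptoCfg --replace line from a parsed [SSH] group."""
    ssh = groups["SSH"]
    # Assumption: template keys Enc/Kex/Mac map to -cipher/-kex/-mac.
    flags = [("-cipher", "Enc"), ("-kex", "Kex"), ("-mac", "Mac")]
    args = " ".join(f"{flag} {ssh[key]}" for flag, key in flags if key in ssh)
    return f"secCryptoCfg --replace -type SSH {args} -force"
```

Rejected lines are left out of the rendered command, so a non-empty problem list means the command does not reflect the whole template and should not be applied as is.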
Configuring Protocols
Brocade Fabric OS Administration Guide, 8.0.1
194 53-1004111-02