Specify a custom level of Cipher Suite security for Cisco UCS Manager

This post gives an example of how to specify a custom level of cipher suite security for Cisco UCS Manager. Cisco provides a Custom cipher suite mode, which lets you enter a user-defined cipher suite specification string.


Navigate to Communication Management > Communication Services. In the HTTPS area, choose “Custom”; the Cipher Suite field can then be edited. According to the Cisco document:

“cipher-suite-spec-string can contain up to 256 characters and must conform to the OpenSSL Cipher Suite specifications. You cannot use any spaces or special characters except ! (exclamation point), + (plus sign), - (hyphen), and : (colon).”

In this example, we will remove the weak 3DES (Triple DES encryption) cipher from the cipher suite.

  • Step 1, select the “High Strength” cipher suite and copy out the cipher suite string, which looks like this:

ALL:!DH:!EDH:!ADH:!EXPORT40:!EXPORT56:!LOW:!MEDIUM:!eNULL:!RC4:+HIGH:+EXP

  • Step 3, append “:!3DES” to the end of the string from step 1, as shown below, and paste the result into the “cipher suite” field.

ALL:!DH:!EDH:!ADH:!EXPORT40:!EXPORT56:!LOW:!MEDIUM:!eNULL:!RC4:+HIGH:+EXP:!3DES

Apply the change and the new cipher suite will take effect.
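Before pasting the string into the field, it can be checked offline. The following is an added example, not part of the original post or Cisco's tooling: it validates the string against the limits quoted above and expands it with the OpenSSL library linked into Python to confirm no 3DES suites remain. The function names are hypothetical, and the local OpenSSL build is assumed to stand in for the one on the fabric interconnect.

```python
import re
import ssl

# Strings from the steps above: the "High Strength" default, then with 3DES excluded.
HIGH_STRENGTH = "ALL:!DH:!EDH:!ADH:!EXPORT40:!EXPORT56:!LOW:!MEDIUM:!eNULL:!RC4:+HIGH:+EXP"
HARDENED = HIGH_STRENGTH + ":!3DES"

# Limits quoted from the Cisco document: at most 256 characters, and no spaces
# or special characters other than ! + - :
MAX_LEN = 256
ALLOWED_CHAR = re.compile(r"[A-Za-z0-9!+:\-]")


def validate_spec(spec):
    """Return violations of the documented limits (an empty list means none)."""
    problems = []
    if len(spec) > MAX_LEN:
        problems.append(f"too long: {len(spec)} > {MAX_LEN}")
    bad = sorted({ch for ch in spec if not ALLOWED_CHAR.fullmatch(ch)})
    if bad:
        problems.append(f"disallowed characters: {bad!r}")
    return problems


def triple_des_suites(spec):
    """Expand spec with the local OpenSSL; return names of suites still using 3DES."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # no network traffic is generated
    ctx.set_ciphers(spec)  # raises ssl.SSLError if the string selects nothing
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if "3DES" in c["description"] or "DES-CBC3" in c["name"]
    ]


if __name__ == "__main__":
    for label, spec in (("High Strength", HIGH_STRENGTH), ("with !3DES", HARDENED)):
        print(label)
        print("  limit violations:", validate_spec(spec) or "none")
        print("  3DES suites left:", triple_des_suites(spec) or "none")
```

Recent OpenSSL builds usually omit the 3DES TLS suites entirely, so the unmodified string may also report none locally; the result describes the local library, not the UCS Manager itself.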


For details, see the Cisco document below:

https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/3-2/b_Cisco_UCS_Admin_Mgmt_Guide_3_2/b_Cisco_UCS_Admin_Mgmt_Guide_3_2_chapter_0111.html
