Security protocol levels

Security administrators can change the security protocol level for either SSL or SSH protocols. When you change the security level for either of these security protocols, you can control which encryption algorithms, ciphers, and version of the protocol are permitted on the system.

Depending on your security requirements for your organization or geography, you can change the level for both SSL and SSH protocols.

The system supports OpenSSL and Java SSL ciphers to provide strong encryption for secure connections using the SSL or TLS protocols. On a new system, the default SSL protocol level is 5, and the default SSH protocol level is 3. If you want to allow the use of more cipher suites for compatibility with some applications, you can select a lower value. Selecting a higher value further restricts the list of supported cipher suites.

By default, the system uses the suggested SSL protocol and SSH protocol levels. If the suggested SSL and SSH protocol levels change on a future system upgrade, the system applies the new levels automatically. However, if you manually select a new level, then the system no longer uses the suggested levels and does not modify the level on future system upgrades. To use automatic suggestions, reset the SSL and SSH protocol levels using the management GUI or CLI.

Note:

The suggested SSL and SSH protocol levels might be increased in future code upgrades as security requirements change. To automatically update the protocol level to the new suggested level whenever you upgrade the system, select Automatic for the protocol level.

For servers or services that do not support TLS 1.3, do not set the security level to a level that supports only TLS 1.3, such as levels 6 and 7. Currently, the following servers or services do not support TLS 1.3:
  • KeySecure key servers
  • Duo Security for Multifactor Authentication on the Command Line Interface (CLI)
  • Transparent Cloud Tiering (TCT)
If you use KeySecure key servers and want to use TLS 1.3 for secure communication, migrate to CipherTrust Manager key servers.
Note: For services or features involving two systems (system A and system B) that communicate with each other (for example, policy-based replication or secured IP partnerships), using mutual TLS authentication, you can configure different security levels on each system. Do not configure system A to only support TLS 1.2 (SSL protocol levels 2-4) and system B to support only TLS 1.3 (levels 6-7), or vice versa.

The following table describes each security level, minimum version of SSL or TLS allowed and the supported ciphers for each level:

Table 1. Supported SSL/TLS security levels
Security level Description Minimum security allowed Supported Java SSL ciphers Supported OpenSSL ciphers
2 Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1. TLS 1.2
  • SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • SSL_RSA_WITH_AES_256_CBC_SHA256
  • SSL_RSA_WITH_AES_256_GCM_SHA384
  • SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
  • SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
  • SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
  • SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
  • SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
  • SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
  • SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • SSL_RSA_WITH_AES_256_CBC_SHA
  • SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
  • SSL_DHE_RSA_WITH_AES_256_CBC_SHA
  • SSL_DHE_DSS_WITH_AES_256_CBC_SHA
  • SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • SSL_RSA_WITH_AES_128_CBC_SHA256
  • SSL_RSA_WITH_AES_128_GCM_SHA256
  • SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  • SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
  • SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
  • SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
  • SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
  • SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
  • SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • SSL_RSA_WITH_AES_128_CBC_SHA
  • SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
  • SSL_DHE_RSA_WITH_AES_128_CBC_SHA
  • SSL_DHE_DSS_WITH_AES_128_CBC_SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • DHE-DSS-AES256-GCM-SHA384
  • DHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-SHA256
  • ECDH-RSA-AES256-GCM-SHA384 E
  • ECDH-ECDSA-AES256-GCM-SHA384
  • ECDH-RSA-AES256-SHA384
  • ECDH-ECDSA-AES256-SHA384
  • AES256-GCM-SHA384
  • AES256-SHA256
  • AES256-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • DHE-DSS-AES128-GCM-SHA256
  • DHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-SHA256
  • DHE-DSS-AES128-SHA256
  • ECDH-RSA-AES128-GCM-SHA256
  • ECDH-ECDSA-AES128-GCM-SHA256
  • ECDH-RSA-AES128-SHA256
  • ECDH-ECDSA-AES128-SHA256
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES128-SHA
  • DES-CBC3-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • DHE-DSS-AES128-GCM-SHA256
  • DHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-SHA256
  • DHE-DSS-AES128-SHA256
  • ECDH-RSA-AES128-GCM-SHA256
  • ECDH-ECDSA-AES128-GCM-SHA256
  • ECDH-RSA-AES128-SHA256
  • ECDH-ECDSA-AES128-SHA256
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES128-SHA
  • DES-CBC3-SHA
3 Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1 and to allow cipher suites that are exclusive to TLS version 1.2. TLS 1.2
  • SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • SSL_RSA_WITH_AES_256_CBC_SHA256
  • SSL_RSA_WITH_AES_256_GCM_SHA384
  • SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
  • SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
  • SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
  • SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
  • SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
  • SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
  • SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • SSL_RSA_WITH_AES_256_CBC_SHA
  • SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
  • SSL_DHE_RSA_WITH_AES_256_CBC_SHA
  • SSL_DHE_DSS_WITH_AES_256_CBC_SHA
  • SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • SSL_RSA_WITH_AES_128_CBC_SHA256
  • SSL_RSA_WITH_AES_128_GCM_SHA256
  • SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  • SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
  • SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
  • SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
  • SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
  • SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
  • SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • DHE-DSS-AES256-GCM-SHA384
  • DHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-SHA256
  • ECDH-RSA-AES256-GCM-SHA384 E
  • ECDH-ECDSA-AES256-GCM-SHA384
  • ECDH-RSA-AES256-SHA384
  • ECDH-ECDSA-AES256-SHA384
  • AES256-GCM-SHA384
  • AES256-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • DHE-DSS-AES128-GCM-SHA256
  • DHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-SHA256
  • DHE-DSS-AES128-SHA256
  • ECDH-RSA-AES128-GCM-SHA256
  • ECDH-ECDSA-AES128-GCM-SHA256
  • ECDH-RSA-AES128-SHA256
  • ECDH-ECDSA-AES128-SHA256
  • AES128-GCM-SHA256
  • AES128-SHA256
4 Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1, and to allow cipher suites that are exclusive to TLS version 1.2. Sets the system to disallow RSA ciphers and static key exchange ciphers. TLS 1.2
  • SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
  • SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • DHE-DSS-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • DHE-DSS-AES128-GCM-SHA256
5 Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1 and to allow cipher suites that are exclusive to TLS version 1.2 and 1.3. TLS 1.2, TLS 1.3
For TLS 1.3
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_128_CCM_8_SHA256
  • TLS_AES_128_CCM_SHA256
For TLS 1.2

The security level 5 supports all the Java SSL ciphers supported at the security level 3. A few additional TLS 1.2 specific Java SSL ciphers supported at level 5 are:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
For TLS 1.3
  • AES-256-GCM-SHA384
  • CHACHA20-POLY1305-SHA256
  • AES-128-GCM-SHA256
  • AES-128-CCM-8-SHA256
  • AES-128-CCM-SHA256
For TLS 1.2

The security level 5 supports all the OpenSSL ciphers supported at the security level 3. A few additional TLS 1.2 specific OpenSSL ciphers supported at level 5 are:

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • DHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-SHA256
  • AES256-GCM-SHA384
  • AES256-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • DHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-SHA256
  • AES128-GCM-SHA256
  • AES128-SHA256
6 Sets the system to disallow SSL version 3.0, TLS version 1.0, TLS version 1.1, and TLS version 1.2 and to allow cipher suites that are exclusive to TLS version 1.3. TLS 1.3
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_128_CCM_8_SHA256
  • TLS_AES_128_CCM_SHA256
  • AES-256-GCM-SHA384
  • CHACHA20-POLY1305-SHA256
  • AES-128-GCM-SHA256
  • AES-128-CCM-8-SHA256
  • AES-128-CCM-SHA256
7 Sets the system to disallow SSL version 3.0, TLS version 1.0, TLS version 1.1, and TLS version 1.2 and to allow the TLS 1.3 cipher suites that are FIPS mode compliant. TLS 1.3 TLS_AES_256_GCM_SHA384 AES-256-GCM-SHA384

The following table describes the SSH security levels supported by the system:

Table 2. SSH algorithms supported at each security level
Security level Key Exchange Cipher Suite MAC Algorithm Host Key Algorithms
1
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1

aes256-ctr

aes192-ctr

aes128-ctr

chacha20-poly1305@openssh.com

aes256-gcm@openssh.com

aes128-gcm@openssh.com

aes256-cbc

aes192-cbc

aes128-cbc

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

hmac-sha1

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-rsa

ssh-rsa-cert-v01@openssh.com

2
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1

aes256-ctr

aes192-ctr

aes128-ctr

chacha20-poly1305@openssh.com

aes256-gcm@openssh.com

aes128-gcm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

hmac-sha1

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-rsa

ssh-rsa-cert-v01@openssh.com

3
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256

aes256-ctr

aes192-ctr

aes128-ctr

chacha20-poly1305@openssh.com

aes256-gcm@openssh.com

aes128-gcm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-rsa

ssh-rsa-cert-v01@openssh.com

4
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

aes256-ctr

aes192-ctr

aes128-ctr

aes256-gcm@openssh.com

aes128-gcm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

Restriction: The 3-site-orchestrator does not support SSH protocol level 4.

When you change the SSL security protocol level, you must restart any service using SSL/TLS. All current session are ended to ensure no sessions are open using the old security level. It can take a few minutes for the service to be available.

Using the management GUI

You can use the management GUI to update protocol levels for SSL and SSH connections:

SSL/TLS security protocol level
By default, the SSL protocol level is set to 5, and the SSH protocol level is set to 3 . To change the SSL or SSH security protocol levels, complete these steps:
  1. In the management GUI, select Settings > Security > Security protocol levels.
  2. You can update any of the following details:
    SSL protocol level
    Note: Changing the SSL protocol level causes the GUI to restart.
    SSL ensures that the data is securely transferred. By default, security level 5 is set to allow both TLS 1.2 and TLS 1.3. You can select the required SSL protocol level from the following options:
    • Automatic - Use suggested level of 5.
    • 2 - TLS 1.2, allow TLS 1.0, 1.1, and 1.2 ciphers.
    • 3 - TLS 1.2, allow TLS 1.2 ciphers.
    • 4 - TLS 1.2, allow TLS 1.2 ciphers but disallow RSA and static key exchange ciphers.
    • 5 - TLS 1.2 and TLS 1.3, disallow static key exchange ciphers.
    • 6 - TLS 1.3, allow only TLS 1.3 ciphers.
    • 7 - TLS 1.3, allow only ciphers that support FIPS.
    SSH protocol level
    Select the SSH protocol level that is used for connections to the command-line interface. Each level supports different algorithms for key exchange. The range is 1 - 4, where 3 is the default value. Select the required SSH protocol level from the following options:
    • Automatic - Use suggested level of 3.
    • 1 - Allow block ciphers.
    • 2 - Disallow block ciphers.
    • 3 - Disallow SHA1.
    • 4 - Disallow Diffie-Hellman.
  3. Click Save.
Note: The suggested SSL and SSH protocol levels might be increased in future code upgrades as security requirements change. To automatically update the protocol level to the new suggested level whenever you upgrade the system, select Automatic for the protocol level.

Using the command-line interface (CLI)

The chsecurity command allows you to set the ciphers and protocols that are allowed by secure interfaces to reduce the vulnerability to attack. However, changing the security level might break the connection to external systems such as web browsers and anything that is connected through CIM such as VMWare provisioning utilities or IBM® Spectrum Control software.

  1. To display your current system SSL, TLS, and SSH security settings, enter the following command:
    lssecurity
    The results show the current setting as shown in the following example:
    sslprotocol 5
    sshprotocol 3
    gui_timeout_mins 30
    cli_timeout_mins 15
    restapi_timeout_mins 60
    min_password_length 8
    password_special_chars 0
    password_upper_case 0
    password_lower_case 0
    password_digits 0
    check_password_history no
    max_password_history 6
    min_password_age_days 1
    password_expiry_days 0
    expiry_warning_days 14
    superuser_locking disabled
    max_failed_login_attempts 0
    lockout_period_mins 10
    superuser_multi_factor no
    ssh_grace_time_seconds 60
    ssh_max_tries 6
    superuser_password_sshkey_required no
    superuser_gui_disabled no
    superuser_rest_disabled no
    superuser_cim_disabled yes
    two_person_integrity_enabled no
    two_person_integrity_superuser_locked no
    ssl_protocols_enabled TLSv1.2:TLSv1.3
    ssl_protocol_suggested yes
    ssh_protocol_suggested yes
  2. To change SSL/TLS settings, enter chsecurity -sslprotocol security_level, where security_level is 2, 3, 4, 5, 6, or 7.
    Note: You might lose the connection to the management GUI when the security level is changed. If you lose the connection, use the CLI to decrease the security level to a lower setting.
  3. To change SSH settings, enter chsecurity -sshprotocol security_level, where security_level is 1, 2, 3, or 4.