Cipherset – Brocade Network OS Command Reference v4.1.0 User Manual

80

Network OS Command Reference

53-1003115-01

cipherset

2

cipherset

Configures FIPS-compliant ciphers for LDAP and SSH protocols.

Synopsis

cipherset {ldap | ssh}

Operands

ldap

Specifies secure LDAP ciphers.

ssh

Specifies secure SSH ciphers.

Defaults

There are no restrictions on LDAP and SSH ciphers.

Command Modes

Privileged EXEC mode

Description

Use this command to configure secure ciphers that are FIPS compliant for the Lightweight
Directory Access Protocol (LDAP) and Secure Shell (SSH). A switch must be configured with secure
ciphers for SSH before that switch can be FIPS compliant. If LDAP authentication is to be used, the
LDAP ciphers are also required before a switch can be FIPS compliant.

The secure LDAP ciphers are AES256-SHA, EAS128-SHA, and DES-CBC3-SHA. The secure SSH
ciphers are HMAC-SHA1 (mac), 3DES-CBC, AES128-CBC, AES192-CBC, and AES256-CBC.

Usage Guidelines

This command applies only in the standalone mode. This command can be entered only from a
user account with the admin role assigned.

Examples

To configure secure LDAP ciphers:

switch# cipherset ldap

ldap cipher list configured successfully

To configure secure SSH ciphers:

switch# cipherset ssh

ssh cipher list configured successfully

See Also

fips root disable, fips selftests, fips zeroize, prom-access disable, show prom-access