Secure Sockets Layer (SSL) has been replaced with Transport Layer Security (TLS). Support has also been added for Extended Master Secret (EMS).
Because each node hosts a standalone web server, if you want to configure TLS for a node you must log in to the Cryptographic Security Platform Compliance Manager webGUI for that specific node.
- Log in to the Cryptographic Security Platform Compliance Manager webGUI with your standard account credentials.
- In the top right, click the Switch to Appliance Management link.
- In the top menu bar, click Settings.
- In the General Settings section, click TLS Configuration.
On the Protocol tab, select the TLS authentication modes that you want to use:
- TLSv1.2, TLSv1.3
- TLSv1.3 only
Optionally, on the Cipher Suite tab, review the detailed list of available ciphers. If you want to remove ciphers from this list, click the X following the cipher name that you do not want to use. If you want to add a cipher, click in the bottom of the list box and enter a valid cipher name, then click Reload.
The following ciphers are supported:
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-CCM
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-CCM
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES256-CCM
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES128-CCM
- PSK-AES256-GCM-SHA384
- PSK-AES256-CCM
- PSK-AES128-GCM-SHA256
- PSK-AES128-CCM
- DHE-PSK-AES256-GCM-SHA384
- DHE-PSK-AES256-CCM
- DHE-PSK-AES128-GCM-SHA256
- DHE-PSK-AES128-CCM
On the TLS Extended Master Secret tab, select whether or not to enforce EMS. We highly recommend that you enable EMS.
Important: The EMS setting applies to the entire cluster.
- When you are finished, click Apply.
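After clicking Apply, the result can be checked from a client. The following is an added example, not code from the product or its vendor: it pins a handshake to each TLS version and compares what the node accepts with the mode chosen on the Protocol tab and with the supported cipher list above. The function names, port 443 and the optional `cafile` argument are assumptions.

```python
import socket
import ssl

# Cipher names copied from the supported list on this page. They are
# OpenSSL TLS 1.2-style names; TLS 1.3 suites are named differently
# (e.g. TLS_AES_256_GCM_SHA384), so only TLS 1.2 results are compared.
SUPPORTED = frozenset("""
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-CCM
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-CCM
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-CCM DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-CCM PSK-AES256-GCM-SHA384 PSK-AES256-CCM PSK-AES128-GCM-SHA256
PSK-AES128-CCM DHE-PSK-AES256-GCM-SHA384 DHE-PSK-AES256-CCM
DHE-PSK-AES128-GCM-SHA256 DHE-PSK-AES128-CCM
""".split())

V = ssl.TLSVersion
MODES = {  # the two choices on the Protocol tab
    "TLSv1.2, TLSv1.3": {V.TLSv1_2, V.TLSv1_3},
    "TLSv1.3 only": {V.TLSv1_3},
}

def probe(host, port, version, cafile=None):
    """Handshake pinned to one TLS version; cipher name, or None if refused."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ctx.maximum_version = version
    with socket.create_connection((host, port), timeout=5) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except ssl.SSLCertVerificationError:
            raise  # trust problem, not a protocol refusal
        except (ssl.SSLError, ConnectionResetError):
            return None

def evaluate(results, mode):
    """results maps TLSVersion -> negotiated cipher or None; returns findings."""
    findings = []
    for version, cipher in results.items():
        allowed = version in MODES[mode]
        if cipher and not allowed:
            findings.append(f"{version.name} accepted, but mode is '{mode}'")
        elif allowed and cipher is None:
            findings.append(f"{version.name} refused, but mode is '{mode}'")
        elif cipher and version is V.TLSv1_2 and cipher not in SUPPORTED:
            findings.append(f"{cipher} negotiated, not in the supported list")
    return findings

def audit(host, mode, port=443, cafile=None):  # port 443 is an assumption
    results = {v: probe(host, port, v, cafile) for v in (V.TLSv1_2, V.TLSv1_3)}
    return evaluate(results, mode)
```

Run `audit()` against every node, because the protocol and cipher settings are configured per node. An empty list means the node's behaviour matches the selected mode.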