security config show

Display Security Configuration Options

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

The security config show command displays the security configurations of the cluster in advanced privilege mode.
Default values are as follows:
  • SSL FIPS mode: disabled
  • Supported protocols: TLSv1.2,TLSv1.1,TLSv1
  • Supported ciphers: ALL:!LOW:!aNULL:!EXP:!eNULL
The default cipher string selects all suites for the listed protocols except those with no authentication (!aNULL), no encryption (!eNULL), export-grade encryption (!EXP), or low encryption (!LOW; below 64 or 56 bit).

Enabling FIPS mode will cause the entire cluster to use FIPS-compliant crypto operations only.

Use the security config modify command to change the protocols and ciphers that the cluster will support. When all the nodes in the cluster are updated with the modified settings, the cluster security config ready value will be shown as yes.

Parameters

{ [-fields <fieldname>, ...]
If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ]}
If you specify the -instance parameter, the command displays detailed information about all fields.
[-interface <SSL>] - FIPS-Compliant Interface
Displays configurations that match the specified value for the interface.
[-is-fips-enabled {true|false}] - FIPS Mode
Displays configurations that match the specified value for FIPS mode.
[-supported-protocols {TLSv1.2|TLSv1.1|TLSv1|SSLv3}, ...] - Supported Protocols
Displays configurations that match the specified protocols.
[-supported-ciphers <text>] - Supported Ciphers
Displays the configurations that match the specified supported ciphers.

Examples

The following example shows the default security configurations for a cluster.

cluster1::> security config show
          Cluster                                              Cluster Security
Interface FIPS Mode  Supported Protocols     Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL       false      TLSv1.2, TLSv1.1, TLSv1 ALL:!LOW:         yes
                                             !aNULL:!EXP:
                                             !eNULL

The following example shows the security configuration after FIPS mode has been enabled.

cluster1::> security config show
          Cluster                                              Cluster Security
Interface FIPS Mode  Supported Protocols     Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL       true       TLSv1.2, TLSv1.1        ALL:!LOW:         yes
                                             !aNULL:!EXP:
                                             !eNULL:!RC4
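
The output above can be checked by script during a configuration audit. The following Python is an added example, not part of the ONTAP documentation: it rejoins the wrapped Supported Ciphers column and reports findings for each row. The function names parse and audit and the audit policy (protocols older than TLSv1.2, a missing default exclusion, or disabled FIPS mode count as findings) are assumptions of this example, as is the assumption that only the cipher column wraps.

```python
import re

# Example policy (assumption): pre-TLSv1.2 protocols and missing exclusions are findings.
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
REQUIRED = ("!LOW", "!aNULL", "!EXP", "!eNULL")
# First line of a row: interface, FIPS flag, protocol list, cipher fragment, ready.
ROW = re.compile(r"^(\S+)\s+(true|false)\s+((?:\S+,\s*)*\S+)\s+(\S+)\s+(\S+)\s*$")
# Sample input: the two outputs from the Examples section of this page.
DEFAULT_OUT = """\
          Cluster                                              Cluster Security
Interface FIPS Mode  Supported Protocols     Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL       false      TLSv1.2, TLSv1.1, TLSv1 ALL:!LOW:         yes
                                             !aNULL:!EXP:
                                             !eNULL
"""
FIPS_OUT = """\
SSL       true       TLSv1.2, TLSv1.1        ALL:!LOW:         yes
                                             !aNULL:!EXP:
                                             !eNULL:!RC4
"""

def parse(text):
    """Return one dict per interface row, rejoining wrapped cipher fragments."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            iface, fips, protos, ciphers, ready = m.groups()
            rows.append({"interface": iface, "fips": fips == "true",
                         "protocols": [p.strip() for p in protos.split(",")],
                         "ciphers": ciphers, "ready": ready == "yes"})
        elif rows and line[:1].isspace() and len(line.split()) == 1:
            rows[-1]["ciphers"] += line.strip()  # wrapped cipher column
    return rows

def audit(row):
    """Return the list of findings for one parsed row."""
    out = [f"legacy protocol enabled: {p}" for p in row["protocols"] if p in LEGACY]
    out += [f"cipher string lacks {t}" for t in REQUIRED if t not in row["ciphers"].split(":")]
    if not row["fips"]:
        out.append("FIPS mode disabled")
    if not row["ready"]:
        out.append("not all nodes updated (Config Ready is not yes)")
    return out

if __name__ == "__main__":
    for text in (DEFAULT_OUT, FIPS_OUT):
        print([(r["interface"], audit(r)) for r in parse(text)])
```

Run against the two outputs above, it shows that enabling FIPS mode removes TLSv1 but still leaves TLSv1.1 in the supported protocols.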