Skip to main content
A newer release of this product is available.

security config show

Contributors
Suggest changes
PDFs

Display Security Configuration Options

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

The security config show command displays the security configurations of the cluster in advanced privilege mode.

Default values are as follows:

  • SSL FIPS mode: disabled

  • Supported protocols: TLSv1.2,TLSv1.1,TLSv1

  • Supported ciphers: ALL:!LOW:!aNULL:!EXP:!eNULL

The default cipher suites represent all suites for the listed protocols except those that have no authentication, no encryption, no exports, and low encryption (below 64 or 56 bit).

Enabling FIPS mode will cause the entire cluster to use FIPS-compliant crypto operations only.

Use the security config modify command to change the protocols and ciphers that the cluster will support. When all the nodes in the cluster are updated with the modified settings, the cluster security config ready value will be shown as yes .

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-interface <SSL>] - FIPS-Compliant Interface (privilege: advanced)

Displays configurations that match the specified value for the interface.

[-is-fips-enabled {true|false}] - FIPS Mode (privilege: advanced)

Display configurations that match the specified value for FIPS mode.

[-supported-protocols {TLSv1.2|TLSv1.1|TLSv1|SSLv3}] - Supported Protocols (privilege: advanced)

Displays configurations that match the specified protocols.

[-supported-ciphers <Cipher String>] - Supported Ciphers (privilege: advanced)

Displays the configurations that match the specified supported ciphers.

Examples

The following example shows the default security configurations for a cluster.

cluster1::> security config show
          Cluster                                              Cluster Security
Interface FIPS Mode  Supported Protocols     Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL       false      TLSv1.2, TLSv1.1, TLSv1 ALL:!LOW:        yes
                                             !aNULL:!EXP:
                                             !eNULL

The following example shows the security configuration after FIPS mode has been enabled.

cluster1::> security config show
          Cluster                                              Cluster Security
Interface FIPS Mode  Supported Protocols     Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL       true       TLSv1.2, TLSv1.1        ALL:!LOW:         yes
                                             !aNULL:!EXP:
                                             !eNULL:!RC4