Set TLS ciphers

The SafeNet Luna Network HSM uses a default set of cipher suites for Transport Layer Security (TLS) communications, such as client connections and remote PED connections.

If the default list is not suitable, you can modify it. The cipher suite configuration lets you choose which of the supported cipher suites the appliance can use for TLS communications, and the order in which they are preferred.

To configure TLS ciphers for the appliance:

Use the following command in LunaSH:

lunash:>sysconf tls ciphers set {-list <cipher_list> | -applyTemplate <file name>} [-force]

NOTE    

>Setting some of the stronger ciphers introduces additional overhead, which might affect performance.

>You can list the available ciphers, and reset to the default list if desired. Refer to the sysconf tls ciphers command for more information on how to show and reset the list.
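
Because the list sets both which suites are allowed and their preference order, it helps to review a candidate list on a workstation before applying it. The script below is an added example, not part of the Luna documentation or tooling; it assumes suite names follow OpenSSL naming (this page does not specify the `<cipher_list>` format), and the sample list and the `classify` and `vet` helpers are constructed for illustration.

```python
import re

# Assumption: suite names use OpenSSL naming. SAMPLE is constructed for illustration.
SAMPLE = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES256-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DES-CBC3-SHA",
]

# Broken, export-grade, or unauthenticated (anonymous DH) suites.
REJECT = re.compile(r"NULL|EXP|RC4|DES|MD5|^A(EC)?DH-")

def classify(suite):
    """Return (rank, reasons); rank 0 = preferred, 1 = legacy, 2 = reject."""
    if REJECT.search(suite):
        return 2, ["broken or unauthenticated primitive"]
    reasons = []
    # TLS 1.3 suites (TLS_ prefix) always use ephemeral key exchange.
    if not suite.startswith(("ECDHE-", "DHE-", "TLS_")):
        reasons.append("no ECDHE/DHE key exchange, so no forward secrecy")
    if not any(tag in suite for tag in ("GCM", "CHACHA20", "CCM")):
        reasons.append("non-AEAD mode")
    return (1 if reasons else 0), reasons

def vet(cipher_list):
    """Return (position, suite, finding) tuples for an ordered cipher list."""
    findings, seen, weakest = [], set(), 0
    for pos, suite in enumerate(cipher_list, 1):
        rank, reasons = classify(suite)
        if suite in seen:
            findings.append((pos, suite, "duplicate entry"))
        seen.add(suite)
        findings.extend((pos, suite, r) for r in reasons)
        # Order is preference: a stronger suite should not follow a weaker one.
        if rank < weakest:
            findings.append((pos, suite, "listed after a weaker suite"))
        weakest = max(weakest, rank)
    return findings

if __name__ == "__main__":
    for pos, suite, finding in vet(SAMPLE):
        print(f"{pos:>2}  {suite:<32} {finding}")
```

An empty result from `vet` means every suite offers forward secrecy with an AEAD mode and the order never places a stronger suite behind a weaker one.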