lssecurity

Use the lssecurity command to display the current system Secure Sockets Layer (SSL), Secure Shell (SSH), or Transport Layer Security (TLS) security settings.

Syntax

lssecurity [ -nohdr ] [ -delim delimiter ]

Parameters

-nohdr
(Optional) By default, headings are displayed for each column of data in a concise style view, and for each item of data in a detailed style view. The -nohdr parameter suppresses the display of these headings.
Note: If no data exists to be displayed, headings are not displayed.
-delim delimiter
(Optional) By default in a concise view, all columns of data are space-separated. The width of each column is set to the maximum width of each item of data. In a detailed view, each item of data has its own row, and if the headers are displayed, the data is separated from the header by a space. The -delim parameter overrides this behavior. Valid input for the -delim parameter is a 1-byte character. If you enter -delim : on the command line, the colon character (:) separates all items of data in a concise view, and the columns are not padded with spaces. In a detailed view, the data is separated from its header by the specified delimiter.

Description

This command displays the current system SSL, SSH, or TLS security settings.

This table provides the possible values that are displayed for the lssecurity command.

Table 1. lssecurity attribute values
Attribute Value
sslprotocol Identifies the current security level setting, a numeric value of 1, 2, 3, or 4.
A security level setting of:
  • 1 allows TLS 1.0, TLS 1.1, and TLS 1.2, but disallows SSL 3.0.
  • 2 disallows TLS 1.0 and TLS 1.1.
  • 3 also disallows TLS 1.2 cipher suites that are not exclusive to 1.2.
  • 4 additionally disallows RSA key exchange ciphers.
Note: You cannot use the management GUI if the sslprotocol value is set to 1 and you are using SSL 3.0 or TLS 1.0.
sshprotocol Identifies the current security level for SSH, a numeric value of 1 or 2.
A security level setting of:
  • 1 allows the following key exchange methods.
    • curve25519-sha256
    • curve25519-sha256@libssh.org
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
    • diffie-hellman-group-exchange-sha256
    • diffie-hellman-group16-sha512
    • diffie-hellman-group18-sha512
    • diffie-hellman-group14-sha256
    • diffie-hellman-group14-sha1
    • diffie-hellman-group1-sha1
    • diffie-hellman-group-exchange-sha1
  • 2 allows the following key exchange methods.
    • curve25519-sha256
    • curve25519-sha256@libssh.org
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
    • diffie-hellman-group-exchange-sha256
    • diffie-hellman-group16-sha512
    • diffie-hellman-group18-sha512
    • diffie-hellman-group14-sha256
    • diffie-hellman-group14-sha1

An invocation example

lssecurity

The resulting output:

sslprotocol 4
sshprotocol 1
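
The following script is an added example, not part of the product documentation: it reads captured lssecurity output and reports what the configured levels still allow according to Table 1. The function name audit_lssecurity, the minimum levels passed to it, and the FAIL/ERROR message format are assumptions made for this example; the sample input is constructed from the invocation example above.

```shell
#!/bin/sh
# Added example: audit `lssecurity` detailed-view output against Table 1.
# Capture the output with headers on (no -nohdr), for example into a file.

# Key exchange methods listed for sshprotocol 1 but not for sshprotocol 2.
SSH_LEVEL1_ONLY_KEX="diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1"

# audit_lssecurity MIN_SSL MIN_SSH [DELIM]   (hypothetical helper)
# MIN_SSL / MIN_SSH are the auditor's own policy minimums (an assumption).
# DELIM is the -delim character used; default is a space, as in the
# command's default output. Reads the output on stdin.
# Returns 0 = meets minimums, 1 = below a minimum, 2 = attribute missing/invalid.
audit_lssecurity() {
    min_ssl=$1 min_ssh=$2 delim=${3:-" "}
    # Strip carriage returns that terminal captures often contain.
    tr -d '\r' | awk -F"$delim" -v minssl="$min_ssl" -v minssh="$min_ssh" \
        -v weak="$SSH_LEVEL1_ONLY_KEX" '
        $1 == "sslprotocol" { ssl = $2 }
        $1 == "sshprotocol" { ssh = $2 }
        END {
            # -nohdr output carries no attribute names, so nothing matches.
            if (ssl !~ /^[1-4]$/ || ssh !~ /^[12]$/) {
                print "ERROR sslprotocol/sshprotocol missing or out of range"
                exit 2
            }
            ssl += 0; ssh += 0; minssl += 0; minssh += 0
            if (ssl < 2 && minssl >= 2)
                print "FAIL sslprotocol=" ssl ": TLS 1.0 and TLS 1.1 allowed"
            if (ssl < 3 && minssl >= 3)
                print "FAIL sslprotocol=" ssl ": TLS 1.2 cipher suites not exclusive to 1.2 allowed"
            if (ssl < 4 && minssl >= 4)
                print "FAIL sslprotocol=" ssl ": RSA key exchange ciphers allowed"
            if (ssh < minssh) {
                n = split(weak, kex, " ")
                for (i = 1; i <= n; i++)
                    print "FAIL sshprotocol=" ssh ": " kex[i] " allowed"
            }
            rc = (ssl < minssl || ssh < minssh) ? 1 : 0
            exit rc
        }'
}

# Constructed sample: the output shown in the invocation example on this page.
SAMPLE='sslprotocol 4
sshprotocol 1'
printf '%s\n' "$SAMPLE" | audit_lssecurity 4 2 || true
```

For the sample, the script reports the two SHA-1 based key exchange methods that sshprotocol 1 allows and sshprotocol 2 does not.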