Use the lssecurity command to display
the current system Secure Sockets Layer (SSL) or Transport Layer Security
(TLS) security settings.
Syntax
lssecurity [ -nohdr ] [ -delim delimiter ]
Parameters
- -nohdr
- (Optional) By default, headings are displayed for each column of data in a concise style view,
and for each item of data in a detailed style view. The -nohdr parameter
suppresses the display of these headings.
Note: If there is no data to be displayed, headings are not
displayed.
- -delim delimiter
- (Optional) By default in a concise view, all columns of data are space-separated. The width of
each column is set to the maximum possible width of each item of data. In a detailed view, each item
of data has its own row, and if the headers are displayed, the data is separated from the header by
a space. The -delim parameter overrides this behavior. Valid input for the
-delim parameter is a one-byte character. If you enter -delim
: on the command line, the colon character (:) separates all items of data
in a concise view; for example, the spacing of columns does not occur. In a detailed view, the data
is separated from its header by the specified delimiter.
Description
This command displays the current system SSL or TLS security settings.
This table provides the
possible values displayed for the lssecurity command.
Table 1. lssecurity attribute values| Attribute |
Value |
|---|
| sslprotocol |
Identifies the current security level setting, a numeric value of1, 2, or 3.A
security level setting of: - 1 allows TLS 1.0, TLS 1.1, and TLS 1.2, but disallows SSL 3.0
- 2 disallows TLS 1.0 and TLS 1.1
- 3 additionally disallows TLS 1.2 cipher suites that are not exclusive to 1.2
Note: You cannot use the management GUI if the sslprotocol value is set to
1 and you are using SSL 3.0 or TLS 1.0.
|
|---|
An invocation example
lssecurity
The
resulting output:
sslprotocol:1