Use the lssecurity command to display the current system Secure
Sockets Layer (SSL), Secure Shell (SSH), or Transport Layer Security (TLS) security settings.
Syntax
lssecurity [ -nohdr ] [ -delim delimiter ]
Parameters
- -nohdr
- (Optional) By default, headings are displayed for each column of data in a concise style
view, and for each item of data in a detailed style view. The -nohdr
parameter suppresses the display of these headings.
Note: If no data exists to be displayed,
headings are not displayed.
- -delim delimiter
- (Optional) By default in a concise view, all columns of data are space-separated. The width
of each column is set to the maximum width of each item of data. In a detailed view, each item
of data has its own row, and if the headers are displayed, the data is separated from the
header by a space. The -delim parameter overrides this behavior. Valid
input for the -delim parameter is a 1-byte character. If you enter
-delim : on the command line, the colon character (:)
separates all items of data in a concise view, and the columns are not
spaced. In a detailed view, the data is separated from its header by the specified
delimiter.
Description
This command displays the
current system SSL, SSH, or TLS security settings.
This table provides the possible values
that are displayed for the lssecurity command.
Table 1. lssecurity attribute values

Attribute | Value

sslprotocol | Identifies the current security level setting, a numeric value of 1, 2, 3, or 4. A security level setting of:
- 1 allows TLS 1.0, TLS 1.1, and TLS 1.2, but disallows SSL 3.0.
- 2 disallows TLS 1.0 and TLS 1.1.
- 3 also disallows TLS 1.2 cipher suites that are not exclusive to 1.2.
- 4 additionally disallows RSA key exchange ciphers.
Note: You cannot use the management GUI if the sslprotocol value
is set to 1 and you are using SSL 3.0 or TLS 1.0.

sshprotocol | Identifies the current security level for SSH, a numeric value of 1 or 2. A security level setting of:
- 1 allows the following key exchange methods.
  - curve25519-sha256
  - curve25519-sha256@libssh.org
  - ecdh-sha2-nistp256
  - ecdh-sha2-nistp384
  - ecdh-sha2-nistp521
  - diffie-hellman-group-exchange-sha256
  - diffie-hellman-group16-sha512
  - diffie-hellman-group18-sha512
  - diffie-hellman-group14-sha256
  - diffie-hellman-group14-sha1
  - diffie-hellman-group1-sha1
  - diffie-hellman-group-exchange-sha1
- 2 allows the following key exchange methods.
  - curve25519-sha256
  - curve25519-sha256@libssh.org
  - ecdh-sha2-nistp256
  - ecdh-sha2-nistp384
  - ecdh-sha2-nistp521
  - diffie-hellman-group-exchange-sha256
  - diffie-hellman-group16-sha512
  - diffie-hellman-group18-sha512
  - diffie-hellman-group14-sha256
  - diffie-hellman-group14-sha1

An invocation example
lssecurity
The resulting output:
sslprotocol 4
sshprotocol 1
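
The following Python script is an added example, not part of the product documentation. It parses detailed-view lssecurity output (default or -delim form) and reports what the displayed levels still permit according to Table 1. The function names and sample output are constructed for illustration, and flagging key exchange methods whose names end in -sha1 is this example's own check.

```python
# Added example: interpret `lssecurity` detailed-view output using the level
# definitions from Table 1. Names and sample output are constructed.

# SSH key exchange methods allowed at each sshprotocol level (from Table 1).
SSH_KEX_LEVEL_2 = [
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
    "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
    "diffie-hellman-group14-sha1",
]
SSH_KEX = {
    1: SSH_KEX_LEVEL_2 + ["diffie-hellman-group1-sha1",
                          "diffie-hellman-group-exchange-sha1"],
    2: SSH_KEX_LEVEL_2,
}

def parse_lssecurity(text, delim=" "):
    """Parse detailed-view output: one 'attribute<delim>value' pair per row."""
    settings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, sep, value = line.strip().partition(delim)
        if not sep or not value.strip().isdigit():
            raise ValueError(f"unexpected lssecurity row: {line!r}")
        settings[name] = int(value)
    return settings

def audit(settings):
    """Return findings derived from the Table 1 level definitions."""
    findings = []
    ssl, ssh = settings["sslprotocol"], settings["sshprotocol"]
    if ssl not in (1, 2, 3, 4) or ssh not in SSH_KEX:
        raise ValueError("level outside the documented range")
    if ssl < 2:
        findings.append("sslprotocol 1: TLS 1.0 and TLS 1.1 are still allowed")
    if ssl < 4:
        findings.append(f"sslprotocol {ssl}: RSA key exchange ciphers are not disallowed")
    sha1 = [k for k in SSH_KEX[ssh] if k.endswith("-sha1")]
    if sha1:
        findings.append(f"sshprotocol {ssh}: SHA-1 key exchange allowed: " + ", ".join(sha1))
    return findings

if __name__ == "__main__":
    sample = "sslprotocol:4\nsshprotocol:1\n"  # constructed, as from -delim :
    for finding in audit(parse_lssecurity(sample, delim=":")):
        print(finding)
```

Headings must be present for the parser to work, so run lssecurity without -nohdr when collecting the output.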