Use the lssecurity command to display the current system Secure
Sockets Layer (SSL) or Transport Layer Security (TLS) security settings.
Syntax
lssecurity [ -nohdr ] [ -delimdelimiter ]
Parameters
- -nohdr
- (Optional) By default, headings are displayed for each column of data in a concise style
view, and for each item of data in a detailed style view. The -nohdr
parameter suppresses the display of these headings.
Note: If no data exists to be displayed,
headings are not displayed.
- -delim delimiter
- (Optional) By default in a concise view, all columns of data are space-separated. The width
of each column is set to the maximum width of each item of data. In a detailed view, each item
of data has its own row, and if the headers are displayed, the data is separated from the
header by a space. The -delim parameter overrides this behavior. Valid
input for the -delim parameter is a 1-byte character. If you enter
-delim : on the command line, the colon character (:)
separates all items of data in a concise view; for example, the spacing of columns does not
occur. In a detailed view, the data is separated from its header by the specified
delimiter.
Description
This command displays the
current system SSL, SSH, or TLS security settings.
This table provides the possible values
that are displayed for the lssecurity command.
Table 1. lssecurity attribute valuesAttribute |
Value |
sslprotocol |
Identifies the current security level
setting, a numeric value of 1, 2, 3, or
4.A security level setting of: - 1 allows TLS 1.0, TLS 1.1, and TLS 1.2, but disallows SSL 3.0.
- 2 disallows TLS 1.0 and TLS 1.1.
- 3 also disallows TLS 1.2 cipher suites that are not exclusive to 1.2.
- 4 additionally disallows RSA key
exchange ciphers.
Note: You cannot use the management GUI if the sslprotocol value
is set to 1 and you are using SSL 3.0 or TLS 1.0.
|
sshprotocol |
Identifies the current security level for SSH, a numeric
value of 1 or 2.A security level setting of: - 1 allows the following key exchange methods.
- curve25519-sha256
- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group14-sha256
- diffie-hellman-group14-sha1
- diffie-hellman-group1-sha1
- diffie-hellman-group-exchange-sha1
- 2 allows the following key exchange methods.
- curve25519-sha256
- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group14-sha256
- diffie-hellman-group14-sha1
|
An invocation example
lssecurity
The resulting output:
sslprotocol 4
sshprotocol 1