You can use secure sockets (SSL) connections to improve intersystem communication.
This information about security settings applies to the current release only.
The system generates a self-signed certificate to authenticate SSL connections. During the manufacturing process, each node generates an initial self-signed security certificate. A new certificate is generated when a new system is configured or when the user asks for the certificate to be regenerated.
A system generally consists of 2 to 8 nodes, all of which share the certificate in the system. When a new node is added to a system, a copy of the current certificate is provided for that node. If you remove a node from a system (or is replaced after hardware failure), the node that is removed might retain a copy of the certificate that is stored on the node boot drives.
You can generate a new certificate after you remove or replace hardware, which improves security (and removes the possibility of compromising the older certificate). The system uses a 2048-bit RSA key and SHA-256 hash when you generate certificates.
The system uses SSL connections to control access to the management GUI, the service assistant GUI, the key server, and CIMON. SSL connections use security ciphers to help control access.
You can use security ciphers that are supported by different levels of SSL. Each level supports ciphers that provide differing strengths of encryption. You can set the security level to level 4 to be compliant with the NIST 800-131a standard. You can set the security level to level 2 and use the hashing algorithm SHA-1 for message authentication.
You can set the security level to level 1, but some of the encryption algorithms that are available for use are not approved by either NIST 800-131a or FIPS 140-2. Security level 4 is the maximum level supported. SSL security level 1 is the lowest security level currently supported.
Security level 0 is no longer supported.
SSL level | Is it supported? |
---|---|
TLS 1.2 | Yes |
TLS 1.1 | No |
TLS 1.0 | No |
SSL 3 and earlier | No |
Java SSL ciphers |
---|
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
Cipher | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
SSL level | Is it supported? |
---|---|
TLS 1.2 | Yes |
TLS 1.1 | No |
TLS 1.0 | No |
SSL 3 and earlier | No |
Java SSL ciphers |
---|
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_RSA_WITH_AES_256_CBC_SHA256 |
SSL_RSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
SSL_RSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_RSA_WITH_AES_128_CBC_SHA256 |
SSL_RSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
Cipher | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
AES128-SHA256 | RSA | RSA | AES(128) | SHA256 |
SSL level | Is it supported? |
---|---|
TLS 1.2 | Yes |
TLS 1.1 | No |
TLS 1.0 | No |
SSL 3 and earlier | No |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_RSA_WITH_AES_256_CBC_SHA256 |
SSL_RSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
SSL_RSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_RSA_WITH_AES_128_CBC_SHA256 |
SSL_RSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA |
SSL_RSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA |
Cipher | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
AES256-SHA | RSA | RSA | AES(256) | SHA1 |
ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
AES128-SHA256 | RSA | RSA | AES(128) | SHA256 |
AES128-SHA | RSA | RSA | AES(128) | SHA1 |
DES-CBC3-SHA | RSA | RSA | 3DES(168) | SHA1 |
SSL level | Supported? |
---|---|
TLS 1.2 | Yes |
TLS 1.1 | Yes |
TLS 1.0 | No |
SSL 3 and earlier | No |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_RSA_WITH_AES_256_CBC_SHA256 |
SSL_RSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
SSL_RSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_RSA_WITH_AES_128_CBC_SHA256 |
SSL_RSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA |
SSL_RSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA |
SSL_RSA_WITH_3DES_EDE_CBC_SHA |
SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
Cipher | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
ECDHE-RSA-AES256-SHA | ECDH | RSA | AES(256) | SHA1 |
ECDHE-ECDSA-AES256-SHA | ECDH | ECDSA | AES(256) | SHA1 |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
DHE-DSS-AES256-SHA256 | DH | DSS | AES(256) | SHA256 |
DHE-RSA-AES256-SHA | DH | RSA | AES(256) | SHA1 |
DHE-DSS-AES256-SHA | DH | DSS | AES(256) | SHA1 |
DHE-RSA-CAMELLIA256-SHA | DH | RSA | Camellia(256) | SHA1 |
DHE-DSS-CAMELLIA256-SHA | DH | DSS | Camellia(256) | SHA1 |
ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
ECDH-RSA-AES256-SHA | ECDH/RSA | ECDH | AES(256) | SHA1 |
ECDH-ECDSA-AES256-SHA | ECDH/ECDSA | ECDH | AES(256) | SHA1 |
AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
AES256-SHA | RSA | RSA | AES(256) | SHA1 |
CAMELLIA256-SHA | RSA | RSA | Camellia(256) | SHA1 |
PSK-AES256-CBC-SHA | PSK | PSK | AES(256) | SHA1 |
ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
ECDHE-RSA-AES128-SHA | ECDH | RSA | AES(128) | SHA1 |
ECDHE-ECDSA-AES128-SHA | ECDH | ECDSA | AES(128) | SHA1 |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
DHE-RSA-AES128-SHA | DH | RSA | AES(128) | SHA1 |
DHE-DSS-AES128-SHA | DH | DSS | AES(128) | SHA1 |
ECDHE-RSA-DES-CBC3-SHA | ECDH | RSA | 3DES(168) | SHA1 |
ECDHE-ECDSA-DES-CBC3-SHA | ECDH | ECDSA | 3DES(168) | SHA1 |
DHE-RSA-SEED-SHA | DH | RSA | SEED(128) | SHA1 |
DHE-DSS-SEED-SHA | DH | DSS | SEED(128) | SHA1 |
DHE-RSA-CAMELLIA128-SHA | DH | RSA | Camellia(128) | SHA1 |
DHE-DSS-CAMELLIA128-SHA | DH | DSS | Camellia(128) | SHA1 |
EDH-RSA-DES-CBC3-SHA | DH | RSA | 3DES(168) | SHA1 |
EDH-DSS-DES-CBC3-SHA | DH | DSS | 3DES(168) | SHA1 |
ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
ECDH-RSA-AES128-SHA | ECDH/RSA | ECDH | AES(128) | SHA1 |
ECDH-ECDSA-AES128-SHA | ECDH/ECDSA | ECDH | AES(128) | SHA1 |
ECDH-RSA-DES-CBC3-SHA | ECDH/RSA | ECDH | 3DES(168) | SHA1 |
ECDH-ECDSA-DES-CBC3-SHA | ECDH/ECDSA | ECDH | 3DES(168) | SHA1 |
AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
AES128-SHA | RSA | RSA | AES(128) | SHA1 |
SEED-SHA | RSA | RSA | SEED(128) | SHA1 |
CAMELLIA128-SHA | RSA | RSA | Camellia(128) | SHA1 |
DES-CBC3-SHA | RSA | RSA | AES(168) | SHA256 |
PSK-AES128-CBC-SHA | PSK | PSK | AES(128) | SHA1 |
PSK-3DES-EDE-CBC-SHA | PSK | PSK | 3DES(168) | SHA1 |
KRB5-DES-CBC3-SHA | KRB5 | KRB5 | 3DES(168) | SHA1 |
Service | Traffic direction | Protocol | Port | Service type |
---|---|---|---|---|
Email (SMTP) notification and inventory reports | Outbound | TCP | 25 | Optional |
SNMP event notification | Outbound | UDP | 162 | Optional |
Syslog event notification | Outbound | UDP | 514 | Optional |
IPv4 DHCP (Node service address) | Outbound | UDP | 68 | Optional |
IPv6 DHCP (Node service address) | Outbound | UDP | 547 | Optional |
Network time server (NTP) | Outbound | UDP | 123 | Optional |
SSH for command line interface (CLI) access | Inbound | TCP | 22 | Mandatory |
HTTP to HTTPS redirect for GUI access | Inbound | TCP | 80 | Optional |
HTTPS redirect for GUI access | Inbound | TCP | 443 | Mandatory |
HTTP to HTTPS redirect for GUI access | Inbound | TCP | 8080 | Optional |
HTTPS for GUI access | Inbound | TCP | 8443 | Mandatory |
CIMOM (HTTPS) | Inbound | TCP | 5989 | Optional |
CIMOM SLPD | Inbound | UDP | 427 | Optional |
Remote user authentication service - HTTP | Outbound | TCP | 16310 | Optional |
Remote user authentication service - HTTPS | Outbound | TCP | 16311 | Optional |
Remote user authentication service - Lightweight Directory Access Protocol (LDAP) | Outbound | TCP | 389 | Optional |
iSCSI | Inbound | TCP | 3260 | Optional |
iSCSI iSNS | Outbound | TCP | 3260 | Optional |
IP Partnership management IP communication | Inbound | TCP | 3260 | Optional |
IP Partnership management IP communication | Outbound | TCP | 3260 | Optional |
IP Partnership data path connections | Inbound | TCP | 3265 | Optional |
IP Partnership data path connections | Outbound | TCP | 3265 | Optional |
At SSL security level 4, Google Chrome Version 63.0.3239.132 and higher and Mozilla Firefox Version 52.7.2 and later are known to work with the management GUI. IBM SDK, Java Technology Edition, Version 8 update 1.8.0_161 and later is known to work with the IP quorum application.