您可以使用安全套接字 (SSL) 连接来改善系统间通信。
这些有关安全设置的信息适用于当前发行版。较早的代码发行版可能支持其他因安全漏洞原因而不再支持的密码。
系统将生成自签名证书以对 SSL 连接进行认证。在生产过程中,每个节点都将生成一个初始的自签名安全证书。将在配置新系统时或者用户请求重新生成证书时生成新证书。
系统一般包含 2 到 8 个节点,所有这些节点都共享系统中的证书。将新节点添加到系统后,将为该节点提供当前证书的副本。如果从系统中移除节点(或者在发生硬件故障后进行更换),移除的节点可能会保留存储在节点引导驱动器上的证书的副本。
您可以在卸下或更换硬件后生成新证书,这将提高安全性(避免影响早期证书的可能性)。在生成证书时,系统将使用 2048 位 RSA 密钥和 SHA-256 散列。
系统使用 SSL 连接来控制对管理 GUI、服务助手 GUI、密钥服务器和 CIMON 的访问。SSL 连接使用安全密码来帮助控制访问。
您可以使用不同级别的 SSL 所支持的安全密码。每个级别支持提供不同加密强度的密码。您可以将安全级别设置为 4 级,以符合 NIST 800-131a 标准。您可以将安全级别设置为 2 级,并使用散列算法 SHA-1 进行消息认证。
您可以将安全级别设置为 1 级,但部分可用的加密算法不会被 NIST 800-131a 和 FIPS 140-2 批准。安全级别 4 是支持的最高级别。SSL 安全级别 1 是目前支持的最低安全级别。
安全级别 0 不再受支持。
| SSL 级别 | 是否支持? |
|---|---|
| TLS 1.2 | 是 |
| TLS 1.1 | 否 |
| TLS 1.0 | 否 |
| SSL 3 和更低版本 | 否 |
| Java SSL 密码 |
|---|
| SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| 密码 | Kx | Au | Enc | Mac |
|---|---|---|---|---|
| ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
| DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
| ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
| DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
| SSL 级别 | 是否支持? |
|---|---|
| TLS 1.2 | 是 |
| TLS 1.1 | 否 |
| TLS 1.0 | 否 |
| SSL 3 和更低版本 | 否 |
| Java SSL 密码 |
|---|
| SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| SSL_RSA_WITH_AES_256_CBC_SHA |
| SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
| SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
| SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| 密码 | Kx | Au | Enc | Mac |
|---|---|---|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
| ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
| ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
| DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
| DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
| DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
| ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
| ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
| ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
| ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
| AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
| AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
| ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
| ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
| ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
| DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
| DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
| DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
| DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
| ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
| ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
| ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
| ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
| AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
| AES128-SHA256 | RSA | RSA | AES(128) | SHA256 |
| SSL 级别 | 是否支持? |
|---|---|
| TLS 1.2 | 是 |
| TLS 1.1 | 否 |
| TLS 1.0 | 否 |
| SSL 3 和更低版本 | 否 |
| SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| SSL_RSA_WITH_AES_256_CBC_SHA |
| SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
| SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
| SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| SSL_RSA_WITH_AES_128_CBC_SHA |
| SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| SSL_ECDH_RSA_WITH_AES_128_CBC_SHA |
| SSL_DHE_RSA_WITH_AES_128_CBC_SHA |
| SSL_DHE_DSS_WITH_AES_128_CBC_SHA |
| 密码 | Kx | Au | Enc | Mac |
|---|---|---|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
| ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
| ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
| DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
| DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
| DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
| ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
| ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
| ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
| ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
| AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
| AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
| AES256-SHA | RSA | RSA | AES(256) | SHA1 |
| ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
| ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
| ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
| DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
| DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
| DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
| DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
| ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
| ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
| ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
| ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
| AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
| AES128-SHA256 | RSA | RSA | AES(128) | SHA256 |
| AES128-SHA | RSA | RSA | AES(128) | SHA1 |
| DES-CBC3-SHA | RSA | RSA | 3DES(168) | SHA1 |
| SSL 级别 | 是否支持? |
|---|---|
| TLS 1.2 | 是 |
| TLS 1.1 | 是 |
| TLS 1.0 | 否 |
| SSL 3 和更低版本 | 否 |
| SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
| SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| SSL_RSA_WITH_AES_256_CBC_SHA |
| SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
| SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
| SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
| SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| SSL_RSA_WITH_AES_128_CBC_SHA |
| SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| SSL_ECDH_RSA_WITH_AES_128_CBC_SHA |
| SSL_DHE_RSA_WITH_AES_128_CBC_SHA |
| SSL_DHE_DSS_WITH_AES_128_CBC_SHA |
| SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA |
| SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
| SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
| 密码 | Kx | Au | Enc | Mac |
|---|---|---|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
| ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
| ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
| ECDHE-RSA-AES256-SHA | ECDH | RSA | AES(256) | SHA1 |
| ECDHE-ECDSA-AES256-SHA | ECDH | ECDSA | AES(256) | SHA1 |
| DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
| DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
| DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
| DHE-DSS-AES256-SHA256 | DH | DSS | AES(256) | SHA256 |
| DHE-RSA-AES256-SHA | DH | RSA | AES(256) | SHA1 |
| DHE-DSS-AES256-SHA | DH | DSS | AES(256) | SHA1 |
| DHE-RSA-CAMELLIA256-SHA | DH | RSA | Camellia(256) | SHA1 |
| DHE-DSS-CAMELLIA256-SHA | DH | DSS | Camellia(256) | SHA1 |
| ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
| ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
| ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
| ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
| ECDH-RSA-AES256-SHA | ECDH/RSA | ECDH | AES(256) | SHA1 |
| ECDH-ECDSA-AES256-SHA | ECDH/ECDSA | ECDH | AES(256) | SHA1 |
| AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
| AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
| AES256-SHA | RSA | RSA | AES(256) | SHA1 |
| CAMELLIA256-SHA | RSA | RSA | Camellia(256) | SHA1 |
| PSK-AES256-CBC-SHA | PSK | PSK | AES(256) | SHA1 |
| ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
| ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
| ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
| ECDHE-RSA-AES128-SHA | ECDH | RSA | AES(128) | SHA1 |
| ECDHE-ECDSA-AES128-SHA | ECDH | ECDSA | AES(128) | SHA1 |
| DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
| DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
| DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
| DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
| DHE-RSA-AES128-SHA | DH | RSA | AES(128) | SHA1 |
| DHE-DSS-AES128-SHA | DH | DSS | AES(128) | SHA1 |
| ECDHE-RSA-DES-CBC3-SHA | ECDH | RSA | 3DES(168) | SHA1 |
| ECDHE-ECDSA-DES-CBC3-SHA | ECDH | ECDSA | 3DES(168) | SHA1 |
| DHE-RSA-SEED-SHA | DH | RSA | SEED(128) | SHA1 |
| DHE-DSS-SEED-SHA | DH | DSS | SEED(128) | SHA1 |
| DHE-RSA-CAMELLIA128-SHA | DH | RSA | Camellia(128) | SHA1 |
| DHE-DSS-CAMELLIA128-SHA | DH | DSS | Camellia(128) | SHA1 |
| EDH-RSA-DES-CBC3-SHA | DH | RSA | 3DES(168) | SHA1 |
| EDH-DSS-DES-CBC3-SHA | DH | DSS | 3DES(168) | SHA1 |
| ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
| ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
| ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
| ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
| ECDH-RSA-AES128-SHA | ECDH/RSA | ECDH | AES(128) | SHA1 |
| ECDH-ECDSA-AES128-SHA | ECDH/ECDSA | ECDH | AES(128) | SHA1 |
| ECDH-RSA-DES-CBC3-SHA | ECDH/RSA | ECDH | 3DES(168) | SHA1 |
| ECDH-ECDSA-DES-CBC3-SHA | ECDH/ECDSA | ECDH | 3DES(168) | SHA1 |
| AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
| AES128-SHA | RSA | RSA | AES(128) | SHA1 |
| SEED-SHA | RSA | RSA | SEED(128) | SHA1 |
| CAMELLIA128-SHA | RSA | RSA | Camellia(128) | SHA1 |
| DES-CBC3-SHA | RSA | RSA | AES(168) | SHA256 |
| PSK-AES128-CBC-SHA | PSK | PSK | AES(128) | SHA1 |
| PSK-3DES-EDE-CBC-SHA | PSK | PSK | 3DES(168) | SHA1 |
| KRB5-DES-CBC3-SHA | KRB5 | KRB5 | 3DES(168) | SHA1 |
| 服务 | 流量方向 | 协议 | 端口 | 服务类型 |
|---|---|---|---|---|
| 电子邮件 (SMTP) 通知和库存报告 | 出站 | TCP | 25 | 可选 |
| SNMP 事件通知 | 出站 | UDP | 162 | 可选 |
| Syslog 事件通知 | 出站 | UDP | 514 | 可选 |
| IPv4 DHCP(节点服务地址) | 出站 | UDP | 68 | 可选 |
| IPv6 DHCP(节点服务地址) | 出站 | UDP | 547 | 可选 |
| 网络时间服务器 (NTP) | 出站 | UDP | 123 | 可选 |
| 用于命令行界面 (CLI) 访问的 SSH | 入站 | TCP | 22 | 必需 |
| 用于 GUI 访问的 HTTP 到 HTTPS 重定向 | 入站 | TCP | 80 | 可选 |
| 用于 GUI 访问的 HTTPS 重定向 | 入站 | TCP | 443 | 必需 |
| 用于 GUI 访问的 HTTP 到 HTTPS 重定向 | 入站 | TCP | 8080 | 可选 |
| 用于 GUI 访问的 HTTPS | 入站 | TCP | 8443 | 必需 |
| CIMOM (HTTPS) | 入站 | TCP | 5989 | 可选 |
| CIMOM SLPD | 入站 | UDP | 427 | 可选 |
| 远程用户认证服务 - HTTP | 出站 | TCP | 16310 | 可选 |
| 远程用户认证服务 - HTTPS | 出站 | TCP | 16311 | 可选 |
| 远程用户认证服务 - 轻量级目录访问协议 (LDAP) | 出站 | TCP | 389 | 可选 |
| iSCSI | 入站 | TCP | 3260 | 可选 |
| iSCSI iSNS | 出站 | TCP | 3260 | 可选 |
| IP 伙伴关系管理 IP 通信 | 入站 | TCP | 3260 | 可选 |
| IP 伙伴关系管理 IP 通信 | 出站 | TCP | 3260 | 可选 |
| IP 伙伴关系数据路径连接 | 入站 | TCP | 3265 | 可选 |
| IP 伙伴关系数据路径连接 | 出站 | TCP | 3265 | 可选 |
在 SSL 安全级别 4,已知 Google Chrome V63.0.3239.132 及更高版本和 Mozilla Firefox V52.7.2 及更高版本可以与管理 GUI 一起使用。已知 IBM SDK Java Technology Edition V8 更新 1.8.0_161 及更高版本可以与 IP 定额应用程序一起使用。