Our Brands

Welcome to the Schneider Electric Website

Welcome to our website.
Support
Search FAQs
FA359198
How can we help you today?
How to select SSL/TLS cipher suites on Network Management Cards

Article available in these languages: Spanish

Issue
Users may need to adjust the list of SSL/TLS ciphers in use for NMC web access on the NMC, to comply with local security policies, changes in browser compatibility, or to reflect ever-changing best practices.

Product Line
Network Management Card 2 – AP9630/CH, AP9631/CH, AP9635/CH
Devices with an embedded Network Management Card 2 include (but are not limited to): 2G Metered/Switched Rack PDUs (AP84XX, AP86XX, AP88XX, AP89XX), Rack Automatic Transfer Switches (AP44XX), Certain Audio/Video Network Management Enabled products, Smart-UPS Online (SRT).

Environment
AOS versions 6.6.4 onwards.

Resolution

Via the NMC command line:

Issue the “cipher” command to show the current enabled set, or “cipher help” for usage notes.
eg; 
apc>cipher help
Usage: cipher --  Configuration Options
    Note: The minimal protocol setting is not considered when showing
           the available ciphers.

    cipher [-aes (enable | disable)] (AES)
           [-dh (enable | disable)] (DH)
           [-rsake (enable | disable)] (RSA Key Exchange)
           [-rsaau (enable | disable)] (RSA Authentication)
           [-sha1 (enable | disable)] (SHA)
           [-sha2 (enable | disable)] (SHA256)
           [-ecdhe (enable | disable)] (ECDHE)
Note:
Prior to 6.8.0, each option (eg -rc4) toggled the current state; these are now explicitly deterministic.
Reboot to commit changes.

Example:
List current settings, showing that all available are enabled (as default):
>cipher
E000: Success
Key Exchange Algorithms
-----------------------

        DH                   enabled
        RSA Key Exchange     enabled

Authentication Algorithms
-------------------------
(Warning: disabling the only algorithm in category
          will block all SSL/TLS sessions)

        RSA Authentication   enabled

Block Cipher Algorithms
-----------------------

        triple-DES           enabled
        RC4                  enabled
        AES                  enabled

MAC Algorithms
--------------

        MD5                  enabled
        SHA                  enabled
        SHA256               enabled
[...]
Disable RC4 cipher and RSA key-exchange:
>cipher -rc4 disable
E002: Success

>cipher -rsake disable
E002: Success

List new settings, confirming expected changes:
>cipher
E000: Success
Key Exchange Algorithms
-----------------------

        DH                   enabled
        RSA Key Exchange     disabled

Authentication Algorithms
-------------------------
(Warning: disabling the only algorithm in category
          will block all SSL/TLS sessions)

        RSA Authentication   enabled

Block Cipher Algorithms
-----------------------

        triple-DES           enabled
        RC4                  disabled
        AES                  enabled

MAC Algorithms
--------------

        MD5                  enabled
        SHA                  enabled
        SHA256               enabled
[...]

Using INI files (eg, for mass configuration):
[CryptographicAlgorithms]
;Warning: Changing these values can affect system access.
TripleDES=enabled
RC4=disabled
AES=enabled
DH=enabled
RSA_KE=disabled
RSA_Auth=enabled
MD5=enabled
SHA=enabled
SHA256=enabled

Using the web interface:

These settings are not yet exposed via the web UI.

Troubleshooting:

Be aware that disabling ciphers may affect browser compatibility; SSL/TLS will be unusable to the user unless their browser and the NMC have at least one cipher suite in common. Browser errors such as "ssl_error_no_cypher_overlap" or "err_ssl_version_or_cipher_mismatch" would indicate such an incompatibility.

Released for: Schneider Electric Saudi Arabia
Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.

Need help?

  • Start here!

    Find answers now. Search for a solution on your own, or connect with one of our experts.

  • Contact Support

    Reach out to our customer care team to receive more information, technical support, assistance with complaints and more.

  • Where to buy?

    Easily find the nearest Schneider Electric distributor in your location.

  • Search FAQs

    Search topic-related frequently asked questions to find answers you need.

  • Contact Sales

    Start your sales enquiry online and an expert will connect with you.

I'd like to receive news and commercial info from Schneider Electric and its affiliates via electronic communication means such as email, and I agree to the collection of information on the opening and clicks on these emails (using invisible pixels in the images), to measure performance of Schneider Electric's communications and to improve them. For more details, please read our Privacy Policy.
  • Product Documentation
  • Software Downloads
  • Product Selector
  • Product Substitution and Replacement
  • Help and Contact Centre
  • Find our Offices
  • Get a Quote
  • Where to buy
  • Careers
  • Company Profile
  • Report a misconduct
  • Accessibility
  • Newsroom
  • Investors
  • EcoStruxure
  • Job Search
  • Blog
  • Privacy Policy
  • Cookie Notice
  • Terms of use
  • Change your cookie settings
Your browser is out of date and has known security issues.

It also may not display all features of this website or other websites.

Please upgrade your browser to access all of the features of this website.

Latest version for Google Chrome, Mozilla Firefox or Microsoft Edgeis recommended for optimal functionality.