In almost all cases the default settings do not need to be changed, but you can configure the security protocols and cryptographic algorithms that are used to encrypt communications between clients and the Access Point appliance.

About this task

The default setting includes cipher suites that use either 128-bit or 256-bit AES encryption, except for anonymous DH algorithms, and sorts them by strength. By default, TLS v1.1 and TLS v1.2 are enabled, and TLS v1.0 and SSL v3.0 are disabled.

Prerequisites

  • Familiarize yourself with the Access Point REST API. The specification for this API is available at the following URL on the virtual machine where Access Point is installed: https://access-point-appliance.example.com:9443/rest/swagger.yaml.

  • Familiarize yourself with the specific properties for configuring the cipher suites and protocols: cipherSuites, ssl30Enabled, tls10Enabled, tls11Enabled, and tls12Enabled.

Procedure

  1. Create a JSON request for specifying the protocols and cipher suites to use.

    The following example has the default settings.

    {
      "cipherSuites": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA",
      "ssl30Enabled": "false",
      "tls10Enabled": "false",
      "tls11Enabled": "true",
      "tls12Enabled": "true"
    }

  2. Use a REST client, such as curl or Postman, to send the JSON request to the Access Point REST API and configure the protocols and cipher suites.

    In the example, access-point-appliance.example.com is the fully qualified domain name of the Access Point appliance.

    curl -k -d @- -u 'admin' -H "Content-Type: application/json" -X PUT https://access-point-appliance.example.com:9443/rest/v1/config/system < ~/ciphers.json

    ciphers.json is the JSON request you created in the previous step.
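
A pre-flight check for the request created in step 1, to run before the PUT in step 2. This is an added example, not part of the original documentation or the product's own code. It reports enabled legacy protocols and cipher suites outside the 128-bit/256-bit AES, non-anonymous default described above. The names audit_request, as_bool, LEGACY_PROTOCOLS and WEAK_MARKERS and the marker policy are assumptions of this example; the property names come from the page.

```python
import json
import sys

# Constructed sample: the request body shown in step 1 of the procedure.
SAMPLE_REQUEST = """{
  "cipherSuites": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA",
  "ssl30Enabled": "false",
  "tls10Enabled": "false",
  "tls11Enabled": "true",
  "tls12Enabled": "true"
}"""

# Protocol properties the page says are disabled by default.
LEGACY_PROTOCOLS = {"ssl30Enabled": "SSL v3.0", "tls10Enabled": "TLS v1.0"}

# Assumed policy for this example: name fragments that mark weak suites.
WEAK_MARKERS = {
    "_RC4_": "RC4 stream cipher (prohibited in TLS by RFC 7465)",
    "_anon_": "anonymous key exchange, server is not authenticated",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key length",
    "DES_": "DES or 3DES, 64-bit block cipher",
    "_MD5": "MD5-based MAC",
}

def as_bool(value):
    """Accept JSON booleans and the "true"/"false" strings used in the page's sample."""
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def audit_request(text):
    """Return a list of findings for a TLS settings request; an empty list means clean."""
    cfg = json.loads(text)
    findings = [f"{prop}: {name} is enabled"
                for prop, name in LEGACY_PROTOCOLS.items() if as_bool(cfg.get(prop, False))]
    if not as_bool(cfg.get("tls12Enabled", False)):
        findings.append("tls12Enabled: TLS v1.2 is not explicitly enabled")
    for suite in (s.strip() for s in cfg.get("cipherSuites", "").split(",")):
        if not suite:
            findings.append("cipherSuites: empty entry")
            continue
        findings += [f"{suite}: {why}" for marker, why in WEAK_MARKERS.items() if marker in suite]
        if "_AES_128_" not in suite and "_AES_256_" not in suite:
            findings.append(f"{suite}: not a 128-bit or 256-bit AES suite")
    return findings

if __name__ == "__main__":
    # Audit the file named on the command line (e.g. ~/ciphers.json), else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REQUEST
    # Findings go to stderr with exit status 1; a clean request exits 0.
    sys.exit("\n".join(audit_request(text)) or 0)
```

Run against the sample request from step 1, the check reports SSL_RSA_WITH_RC4_128_SHA, which is an RC4 suite rather than an AES one.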

Results

The cipher suites and protocols that you specified are used.