sysconf tls ciphers show

Show the current list of ciphers from which the Network HSM appliance's TLS service can negotiate connection security for a session.

NOTE This feature requires minimum Luna Appliance Software 7.2.0 and Luna HSM Client 7.2.0.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

>Monitor

Syntax

sysconf tls ciphers show [-exportTemplate <file name>]

Argument(s)	Shortcut	Description
-exportTemplate <filename>	-a	Output the current TLS cipher settings to a Template file.

Example with no argument (Luna Network HSM 7 appliance software 7.8.3 and newer)

lunash:>sysconf tls ciphers show

The following cipher suites are available to configure TLS:

Available Ciphers
--------------------------------------------------
TLS_AES_256_GCM_SHA384        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(256)             Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256  TLSv1.3  Kx=any   Au=any  Enc=CHACHA20/POLY1305(256)  Mac=AEAD
TLS_AES_128_GCM_SHA256        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(256)             Mac=AEAD
DHE-RSA-AES256-GCM-SHA384     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(256)             Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(128)             Mac=AEAD
DHE-RSA-AES128-GCM-SHA256     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-SHA384       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(256)                Mac=SHA384
DHE-RSA-AES256-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(256)                Mac=SHA256
ECDHE-RSA-AES128-SHA256       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(128)                Mac=SHA256
DHE-RSA-AES128-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(128)                Mac=SHA256
AES256-GCM-SHA384             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(256)             Mac=AEAD
AES128-GCM-SHA256             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(128)             Mac=AEAD
AES256-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(256)                Mac=SHA256
AES128-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(128)                Mac=SHA256

The selected TLS cipher suites are used by the NTLS, STC outer tunnel, RBS, Ped vector Server/Client features
TLS is using the following cipher suites:
Cipher suites are listed from highest to lowest priority.

Configured Ciphers (highest priority at top)
--------------------------------------------------
TLS_AES_256_GCM_SHA384        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(256)             Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256  TLSv1.3  Kx=any   Au=any  Enc=CHACHA20/POLY1305(256)  Mac=AEAD
TLS_AES_128_GCM_SHA256        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(256)             Mac=AEAD
DHE-RSA-AES256-GCM-SHA384     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(256)             Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(128)             Mac=AEAD
DHE-RSA-AES128-GCM-SHA256     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-SHA384       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(256)                Mac=SHA384
DHE-RSA-AES256-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(256)                Mac=SHA256
ECDHE-RSA-AES128-SHA256       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(128)                Mac=SHA256
DHE-RSA-AES128-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(128)                Mac=SHA256
AES256-GCM-SHA384             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(256)             Mac=AEAD
AES128-GCM-SHA256             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(128)             Mac=AEAD
AES256-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(256)                Mac=SHA256
AES128-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(128)                Mac=SHA256


Command Result : 0 (Success)

Example with no argument (prior to Luna Network HSM 7 appliance software 7.8.3)

lunash:>sysconf tls ciphers show

The following cipher suites are available to configure TLS:

Available Ciphers
--------------------------------------------------
ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(256)  Mac=AEAD
ECDHE-RSA-AES256-SHA384      TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(256)     Mac=SHA384
DHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(256)  Mac=AEAD
DHE-RSA-AES256-SHA256        TLSv1.2  Kx=DH    Au=RSA  Enc=AES(256)     Mac=SHA256
AES256-GCM-SHA384            TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(256)  Mac=AEAD
AES256-SHA256                TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(256)     Mac=SHA256
ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(128)  Mac=AEAD
ECDHE-RSA-AES128-SHA256      TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(128)     Mac=SHA256
DHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(128)  Mac=AEAD
DHE-RSA-AES128-SHA256        TLSv1.2  Kx=DH    Au=RSA  Enc=AES(128)     Mac=SHA256
AES128-GCM-SHA256            TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(128)  Mac=AEAD
AES128-SHA256                TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(128)     Mac=SHA256

The selected TLS cipher suites are used by the NTLS, STC outer tunnel, RBS, Ped vector Server/Client features
TLS is using the following cipher suites:
Cipher suites are listed from highest to lowest priority.

Configured Ciphers (highest priority at top)
--------------------------------------------------
ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(256)  Mac=AEAD
ECDHE-RSA-AES256-SHA384      TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(256)     Mac=SHA384
DHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(256)  Mac=AEAD
DHE-RSA-AES256-SHA256        TLSv1.2  Kx=DH    Au=RSA  Enc=AES(256)     Mac=SHA256
AES256-GCM-SHA384            TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(256)  Mac=AEAD
AES256-SHA256                TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(256)     Mac=SHA256


Command Result : 0 (Success)

Example exporting a template

lunash:>sysconf tls ciphers show -exportTemplate tls_template.txt

The following cipher suites are available to configure TLS:

Available Ciphers
--------------------------------------------------
TLS_AES_256_GCM_SHA384        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(256)             Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256  TLSv1.3  Kx=any   Au=any  Enc=CHACHA20/POLY1305(256)  Mac=AEAD
TLS_AES_128_GCM_SHA256        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(256)             Mac=AEAD
DHE-RSA-AES256-GCM-SHA384     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(256)             Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(128)             Mac=AEAD
DHE-RSA-AES128-GCM-SHA256     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-SHA384       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(256)                Mac=SHA384
DHE-RSA-AES256-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(256)                Mac=SHA256
ECDHE-RSA-AES128-SHA256       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(128)                Mac=SHA256
DHE-RSA-AES128-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(128)                Mac=SHA256
AES256-GCM-SHA384             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(256)             Mac=AEAD
AES128-GCM-SHA256             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(128)             Mac=AEAD
AES256-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(256)                Mac=SHA256
AES128-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(128)                Mac=SHA256

The selected TLS cipher suites are used by the NTLS, STC outer tunnel, RBS, Ped vector Server/Client features
TLS is using the following cipher suites:
Cipher suites are listed from highest to lowest priority.

Configured Ciphers (highest priority at top)
--------------------------------------------------
TLS_AES_256_GCM_SHA384        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(256)             Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256  TLSv1.3  Kx=any   Au=any  Enc=CHACHA20/POLY1305(256)  Mac=AEAD
TLS_AES_128_GCM_SHA256        TLSv1.3  Kx=any   Au=any  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(256)             Mac=AEAD
DHE-RSA-AES256-GCM-SHA384     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(256)             Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256   TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(128)             Mac=AEAD
DHE-RSA-AES128-GCM-SHA256     TLSv1.2  Kx=DH    Au=RSA  Enc=AESGCM(128)             Mac=AEAD
ECDHE-RSA-AES256-SHA384       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(256)                Mac=SHA384
DHE-RSA-AES256-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(256)                Mac=SHA256
ECDHE-RSA-AES128-SHA256       TLSv1.2  Kx=ECDH  Au=RSA  Enc=AES(128)                Mac=SHA256
DHE-RSA-AES128-SHA256         TLSv1.2  Kx=DH    Au=RSA  Enc=AES(128)                Mac=SHA256
AES256-GCM-SHA384             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(256)             Mac=AEAD
AES128-GCM-SHA256             TLSv1.2  Kx=RSA   Au=RSA  Enc=AESGCM(128)             Mac=AEAD
AES256-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(256)                Mac=SHA256
AES128-SHA256                 TLSv1.2  Kx=RSA   Au=RSA  Enc=AES(128)                Mac=SHA256

Generated cipher template file "tls_template.txt"



Command Result : 0 (Success)



	SUPPORT	LEGAL
Luna Network HSM 7 Documentation © Copyright 2001-2024, Thales Group Last Updated: 2024-05-06 11:28:46 GMT-04:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information