When you log in to the NIOS appliance, your computer makes an HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer protocol) connection to the NIOS appliance. HTTPS is the secure version of HTTP, the client-server protocol used to send and receive communications throughout the Web. HTTPS uses SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security) protocols to secure the connection between a client and server. SSL/TLS provides server authentication and encryption. The NIOS appliance supports TLS versions 1.0, 1.1, 1.2 and 1.3. TLS provides cipher suites that are used to negotiate the security settings for the secure connection. Infoblox has provided a few CLI commands so you can enable and disable specific cipher suites. For detailed information about these CLI commands, see Using the NIOS CLI.
Note that
Enabling or disabling the TLS ciphers will enable or disable the equivalent SSHd cipher.
...
TLS Suite Name | Open SSL Suite Name | SSHd Cipher | SSHd MAC |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | aes256-cbc | hmac-sha1, |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | DHE-DSS-AES256-SHA | aes256-cbc | hmac-sha1, |
TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | aes256-cbc | hmac-sha1, |
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | 3des-cbc | hmac-sha1, |
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA | EDH-DSS-DES-CBC3-SHA | 3des-cbc | hmac-sha1, |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | 3des-cbc | hmac-sha1, |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | DHE-DSS-AES128-SHA | aes128-cbc | hmac-sha1, |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | DHE-DSS-AES128-SHA | aes128-cbc | hmac-sha1, hmac-sha1-etm@openssh.com |
TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | aes128-cbc | hmac-sha1, |
TLS_RSA_WITH_RC4_128_SHA | RC4-SHA | arcfour128 | hmac-sha1, |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | DHE-DSS-AES256-GCM-SHA384 | aes256-gcm@openssh.com | hmac-sha2-512, |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | DHE-DSS-AES256-GCM-SHA384 | aes256-gcm@openssh.com | hmac-sha2-512, |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | DHE-RSA-AES256-SHA256 | aes256-cbc | hmac-sha2-256, |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | DHE-DSS-AES256-SHA256 | aes256-cbc | hmac-sha2-256, |
TLS_RSA_WITH_AES_256_GCM_SHA384 | AES256-GCM-SHA384 | aes256-gcm@openssh.com | hmac-sha2-512, |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | DHE-DSS-AES128-GCM-SHA256 | aes128-gcm@openssh.com | hmac-sha2-256, |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | DHE-RSA-AES128-GCM-SHA256 | aes128-gcm@openssh.com | hmac-sha2-256, |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | DHE-RSA-AES128-SHA256 | aes128-cbc | hmac-sha2-256, |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | DHE-DSS-AES128-SHA256 | aes128-cbc | hmac-sha2-256, |
TLS_RSA_WITH_AES_128_GCM_SHA256 | AES128-GCM-SHA256 | aes128-gcm@openssh.com | hmac-sha2-256, hmac-sha2-256-etm@openssh.com |
TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 | aes128-cbc | hmac-sha2-256, |
TLS version 1.3 and TLS Cipher Suites supported from NIOS 9.0.4 | |||
TLS_AES_256_GCM_SHA384 | TLS_AES_256_GCM_SHA384 | ||
TLS_CHACHA20_POLY1305_SHA256 | TLS_CHACHA20_POLY1305_SHA256 | ||
TLS_AES_128_GCM_SHA256 | TLS_AES_128_GCM_SHA256 | ||
TLS_AES_128_CCM_8_SHA256 | TLS_AES_128_CCM_8_SHA256 | ||
TLS_AES_128_CCM_SHA256 | TLS_AES_128_CCM_SHA256 | ||
...