Secure Syslog Transport

The TOE provides the secure syslog transport feature using the TLS protocol. This allows secure transmission of messages between the syslog client, i.e. your NIOS appliance, and an external syslog server. You must use this feature to be Common Criteria compliant.
To ensure secure syslog transport, you add a trusted CA certificate of the server to your NIOS appliance. The certificate is then used to establish a secure connection to the server before transmitting data. For more information, see Specifying Syslog Servers.

SSL and TLS Protocols

You can enable SSL and TLS protocols in CC mode using the following commands:

  • set ssl_tls_settings: Use this command to override or restore the default SSL/TLS settings.
  • set ssl_tls_protocols: Use this command to enable or disable the SSL/TLS protocols.
  • set ssl_tls_ciphers: Use this command to enable or disable the SSL/TLS cipher suites.

For more information about the SSL/TLS protocols, see SSL and TLS Protocols. For more information about the list of commands related to SSL/TLS protocols and ciphers, refer to the Infoblox CLI Guide.

The commands listed below display the default settings of SSL/TLS protocols in CC mode:

    Infoblox > show ssl_tls_protocols
    TLSv1.0 TLSv1.1 TLSv1.2

    Infoblox > show ssl_tls_ciphers
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA enabled
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled
    TLS_RSA_WITH_AES_128_CBC_SHA     enabled
    TLS_RSA_WITH_AES_256_CBC_SHA     enabled

The commands listed below display the default settings of SSL/TLS protocols in normal mode:

    Infoblox > show ssl_tls_protocols
    TLSv1.0 TLSv1.1 TLSv1.2

    Infoblox > show ssl_tls_ciphers
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 enabled
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 enabled
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA    enabled
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA    enabled
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 enabled
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 enabled
    TLS_RSA_WITH_AES_128_GCM_SHA256     enabled
    TLS_RSA_WITH_AES_128_CBC_SHA        enabled
    TLS_RSA_WITH_AES_128_CBC_SHA256     enabled
    TLS_RSA_WITH_3DES_EDE_CBC_SHA       enabled
    TLS_RSA_WITH_AES_256_GCM_SHA384     enabled
    TLS_RSA_WITH_AES_256_CBC_SHA        enabled
    TLS_RSA_WITH_AES_256_CBC_SHA256     enabled
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA    disabled
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA    disabled
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA    disabled
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA    disabled
    TLS_RSA_WITH_RC4_128_SHA            disabled
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 disabled
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 disabled
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 disabled
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 disabled
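
When reviewing an appliance's settings, the show ssl_tls_ciphers and show ssl_tls_protocols output above can be checked mechanically. The following is an added example, not Infoblox code: the function names and the classification rules are assumptions of this example, not a Common Criteria or vendor policy, and the sample input is a subset of the normal-mode output shown above.

```python
import re

CIPHER_LINE = re.compile(r"^(TLS_[A-Z0-9_]+)\s+(enabled|disabled)$")

# Sample input: a subset of the normal-mode output shown on this page.
SAMPLE = """\
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 enabled
TLS_DHE_RSA_WITH_AES_256_CBC_SHA    enabled
TLS_RSA_WITH_AES_128_GCM_SHA256     enabled
TLS_RSA_WITH_3DES_EDE_CBC_SHA       enabled
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA    disabled
TLS_RSA_WITH_RC4_128_SHA            disabled
"""

def parse_ciphers(text):
    """Map suite name -> True if enabled, skipping prompts and blank lines."""
    suites = {}
    for line in text.splitlines():
        m = CIPHER_LINE.match(line.strip())
        if m:
            suites[m.group(1)] = m.group(2) == "enabled"
    return suites

def weaknesses(suite):
    """Classify one suite name by its key exchange and bulk cipher."""
    kx, _, cipher = suite[len("TLS_"):].partition("_WITH_")
    notes = []
    if kx == "RSA" or kx.startswith("DH_"):  # static RSA or static DH
        notes.append("no forward secrecy")
    if "3DES" in cipher:
        notes.append("64-bit block cipher")
    if "RC4" in cipher:
        notes.append("RC4 (prohibited by RFC 7465)")
    if "_CBC_" in cipher:
        notes.append("CBC mode")
    return notes

def audit(text):
    """Return {suite: notes} for enabled suites that have at least one note."""
    found = {s: weaknesses(s) for s, on in parse_ciphers(text).items() if on}
    return {s: notes for s, notes in found.items() if notes}

def deprecated_protocols(line):
    """Pick versions deprecated by RFC 8996 out of show ssl_tls_protocols."""
    return [p for p in line.split() if p in ("TLSv1.0", "TLSv1.1")]

if __name__ == "__main__":
    print(audit(SAMPLE), deprecated_protocols("TLSv1.0 TLSv1.1 TLSv1.2"))
```

Suites reported by audit() are candidates for review with set ssl_tls_ciphers; in CC mode, check any change against the evaluated configuration first.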