Lantronix SLC 8000 Advanced Console Manager User Guide - Page 158
Admin Web Commands, Enable TLS v1.1, Protocol, Cipher, Use only SHA2 and, Higher Ciphers, Group Access
View all Lantronix SLC 8000 Advanced Console Manager manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 158 highlights
7: Services Enable TLS v1.1 Protocol By default, the web supports the TLS v1.1 protocol. Clear this check box to disable the TLS v1.1 protocol. You must reboot or restart the web server with the CLI command "admin web restart" for the change to take effect. Enable TLS v1.2 Protocol By default, the web supports the TLS v1.2 protocol. Clear this check box to disable the TLS v1.2 protocol. You must reboot or restart the web server with the CLI command "admin web restart" for the change to take effect. Cipher By default, the web uses High/Medium security (128 bits or higher) for the cipher. This option can be used to configure the web to also support just High security ciphers (256 bit, 168 bit and some 128 bit), or FIPS approved ciphers (see Security.) Changing this option requires a reboot or restarting the web server with the CLI command admin web restart for the change to take effect. Use only SHA2 and Higher Ciphers By default, the web supports SHA1 as well as SHA2 and higher ciphers. Check this option to support only SHA2 and higher ciphers. Changing this option requires a reboot or restarting the web server with the CLI command "admin web restart" for the change to take effect. Note: FIPS approved ciphers do not include TLSv1.3 ciphers. If FIPS approved ciphers are selected, TLSv1.3 will not be used for connection to the web server.The TLSv1.3 ciphers supported by the web server are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256. Group Access Specify one or more groups to allow access to the Web Manager user interface. If undefined, any group can access the web. If one or more groups are specified (groups are delimited by the characters ',' (comma) or ';' (semicolon)), then any user who logs into the web must be a member of one of the specified groups, otherwise access will be denied. Users authenticated via RADIUS may have a group (or groups) provided by the RADIUS server via the Filter-Id attribute that overrides the group defined for a user on the SLC. A group provided by a remote server must be either a single group or multiple groups delimited by the characters ',' (comma), ';' (semicolon), or '=' (equals) - for example "group=group1,group2;" or "group1,group2,group3". Banner Enter to replace default text displayed on the Web Manager home page after the user logs in. May contain up to 1024 characters. Blank by default. To create additional lines in the banner use the \n character sequence. Network Interfaces The interfaces that the web server is available on. By default, Eth1, Eth2 and PPP interfaces on modems are enabled. Run Web Server If enabled, the web server will run and listen on TCP ports 80 and 443 (all requests to port 80 are redirected to port 443). By default, the web server is enabled. The web server supports TLS 1.0, TLS 1.1, and TLS 1.2. Due to security vulnerabilities, SSL is not supported. Note: This option can only be changed at the CLI. 3. Click the Apply button to save. Admin Web Commands Go to Access List Commands to view CLI commands which correspond to the web page entries described above. SLC™ 8000 Advanced Console Manager User Guide 158