HP Secure Key Manager User Manual

• show cpiherspec
• cipherspec
• no cipherspec
• no export cipherspec
• restore cipherspec

Related com-
mand(s)

no cipherspec

– disable a cipherspec.

hostname (config)# no cipherspec <priority of enabled cipher>

Syntax

NOTE:

Unless you know the priority of the cipher you want to disable, you can use the show
cipherspec command to display the ciphers on the system.

• show cpiherspec
• cipherspec priority
• cipherspec
• no export cipherspec
• restore cipherspec

Related com-
mand(s)

no export cipherspec

– disable export cipherspecs (128–bit and below).

NOTE:

By executing this command, you are basically mandating that only high security ciphers (128–bit and
above) are used during SSL sessions. Please note that the cipher order pertains to the communication
channel between the client (application, database, etc.) and the SKM. It does not affect the keys that
might be used to encrypt data by the KMS Server.
You can restore the original SSL cipher order by executing the restore cipherspec command.

hostname (config)# no export cipherspec

Syntax

• show cpiherspec
• cipherspec priority
• cipherspec
• no cipherspec
• restore cipherspec

Related com-
mand(s)

no ssl protocol

– remove the specified protocol.

hostname (config)# no ssl protocol <protocol>

Syntax

• ssl protocol
• ssl-timeout
• show ssl

Related com-
mand(s)

restore cipherspec

– restore the cipherspecs to their default values.

hostname (config)# restore cipherspec

Syntax

Secure Key Manager

317