Cipher Sets

Custom cipher sets can be manipulated using the commands below.

Note: It is not possible to modify or delete system-defined cipher sets.

Modify a Custom Cipher Set/Create a New Custom Cipher Set

The modifycipherset command can be used to update an existing custom cipher set or create a new custom cipher set.

Example Command

https://<LoadMasterIPAddress>/access/modifycipherset?name=<CustomCipherSetName>&value=<Cipher(s)>

Available Parameters


Name	Type	Range	Description
name	S	The valid values for the name parameter are below: Default Default_NoRc4 BestPractices Intermediate_compatibility Backward_compatibility WUI FIPS Legacy <NameOfCustomCipherSet> The values are case sensitive.	Name of the cipher set to be modified. If the name of an existing cipher set is specified, that cipher set will be updated. If a new name is used, a new cipher set will be created.
value	S	List of valid ciphers	List the ciphers to include in the cipher set. Multiple ciphers can be assigned by separating them with a colon (:).

Example Output

<Response stat="200" code="ok">

<Success>Cipher set updated</Success>

</Response>

Retrieve the Details of an Existing Cipher Set

The getcipherset command can be used to retrieve the list of ciphers which are in the specified cipher set.

Example Command

https://<LoadMasterIPAddress>/access/getcipherset?name=<CipherSetName>

Available Parameters


Name	Type	Range	Description
name	S	The valid values for the name parameter are below: Default Default_NoRc4 BestPractices Intermediate_compatibility Backward_compatibility WUI FIPS Legacy <NameOfCustomCipherSet> The values are case sensitive.	Name of the cipher set to be retrieved.

<Response stat="200" code="ok">

<Success>

<Data>

<cipherset>

ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-SHA256:AES128-SHA:DES-CBC3-SHA

</cipherset>

</Data>

</Success>

</Response>

Delete a Custom Cipher Set

The delcipherset command can be used to delete an existing custom cipher set.

Example Command

https://<LoadMasterIPAddress>/access/delcipherset?name=<CustomCipherSetName>

Note: A custom cipher set cannot be deleted if it is assigned to any Virtual Services. If this command is run when a cipher set is assigned to a Virtual Service, an error message will be returned which says Command Failed: Cipher set in use.

Available Parameters


Name	Type	Range	Description
name	S	The valid values for the name parameter are below: Default Default_NoRc4 BestPractices Intermediate_compatibility Backward_compatibility WUI FIPS Legacy <NameOfCustomCipherSet> The values are case sensitive.	Name of the cipher set to be retrieved.

Expected Output

<Response stat="200" code="ok">

<Success>Cipher set deleted</Success>

</Response>

Interface Description Multi Tenant LoadMaster API

Cipher Sets

Table of Contents

Cipher Sets

Modify a Custom Cipher Set/Create a New Custom Cipher Set

Retrieve the Details of an Existing Cipher Set

Delete a Custom Cipher Set