Customizing TLS and SSH Ciphers

CVP uses nginx to front and terminate all HTTPS connections. To support HTTPS, the server must be configured with a certificate. A self-signed certificate is generated at first bootup.

Configuring Custom TLS Ciphers

Complete these steps to configure custom TLS ciphers.

  1. Create a file named /etc/nginx/conf.d/locations/cvp-ciphers.https.conf that contains all of the SSL ciphers you need. Any OpenSSL cipher string can be used.
  2. Run the following command to make sure the configuration does not contain any errors:
    /usr/sbin/nginx -t -c /etc/nginx/conf.d/cvpi-server.conf 
  3. Run the following command to reload nginx with the updated configuration.
    systemctl reload nginx 
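
The three steps above as one script that reloads nginx only when the configuration test passes. This is an added example, not part of the CVP documentation or Arista's tooling. It assumes the file carries a standard nginx ssl_ciphers directive, and the cipher string is a constructed sample.

```shell
#!/bin/sh
# Added example, not Arista's tooling. Assumption: the CVP include file holds
# a standard nginx "ssl_ciphers" directive. SAMPLE is a constructed value.
CONF=/etc/nginx/conf.d/locations/cvp-ciphers.https.conf
SAMPLE='ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5'

# Accept only colon-separated OpenSSL cipher-list characters, so the value
# cannot end the directive (";") or open a block ("{") in the nginx file.
valid_cipher_string() {
    case "$1" in
        ''|*[!A-Za-z0-9:+@=_!-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the one-line file body for a cipher string.
render_cipher_conf() {
    printf 'ssl_ciphers %s;\n' "$1"
}

# Write the file, test the full configuration, and reload only if the test
# passes. On failure the previous file (if any) is put back.
apply_ciphers() {
    valid_cipher_string "$1" || { echo "rejected: $1" >&2; return 1; }
    # Expand the string to concrete suites; errors out if nothing matches.
    openssl ciphers -v "$1" || return 1
    rm -f "$CONF.bak"
    if [ -f "$CONF" ]; then cp -p "$CONF" "$CONF.bak"; fi
    render_cipher_conf "$1" > "$CONF"
    if /usr/sbin/nginx -t -c /etc/nginx/conf.d/cvpi-server.conf; then
        systemctl reload nginx
    else
        if [ -f "$CONF.bak" ]; then mv "$CONF.bak" "$CONF"; else rm -f "$CONF"; fi
        return 1
    fi
}

# Nothing is changed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
    apply_ciphers "${2:-$SAMPLE}"
fi
```

Run it with --apply and, optionally, a cipher string as the second argument; without --apply it only defines the functions.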

Configuring Custom SSH Ciphers

Complete these steps to configure custom SSH ciphers.

Note: Upgrading CVP removes custom SSH ciphers. You must reconfigure SSH ciphers after the upgrade.

  1. Edit the /etc/cvpi/sshd_config file to include custom ciphers and MAC definitions.
  2. Run the following command to make sure the configuration does not contain any errors:
    sshd -t -f /etc/cvpi/sshd_config
  3. Run the following command to reload sshd with the updated configuration.
    systemctl reload sshd