How To Create & Restore Custom Cipher Sets
This article will show you how to create and restore a custom cipher set on the LoadMaster.
Creating a Custom Cipher Set
Prerequisite: Make sure you are offloading on the VS and have a certificate assigned.
Please navigate to Certificates and Security -> Cipher Sets -> Cipher Set Management
Ciphers in the Available Ciphers list that are highlighted blue are already assigned to the Assigned Ciphers list.
Use the Filter field to locate the specific ciphers you want to use without scrolling through the whole list.
To add a cipher from the Available Ciphers list to the Assigned Ciphers list, click the specific cipher and drag and drop it across. Any cipher that was just moved into Assigned Ciphers is now highlighted blue.
Once completed, save the Custom Cipher Set by entering a Custom Cipher Set name and selecting the "Save" option.
Now that it is saved, you can navigate to the virtual service that you want to use the cipher set in and choose the new custom cipher set.
Restoring a Custom Cipher Set
Prerequisite: User needs to already have a backup file saved to restore the previous Cipher Set configuration.
This is intended for users who may have lost the custom cipher set or made an unintended change to the cipher set.
Restoring Custom Cipher Set (LoadMaster Base Configuration upload)
1. Navigate to the LoadMaster where the configurations will be restored to.
2. Navigate to System Configuration > System Administration > Backup/Restore.
3. Click Choose File.
4. Browse to and select the backup file.
5. Check LoadMaster Base Configuration.
6. Click Restore Configuration.
Note: This is a base configuration upload. This will require a reboot of the unit. All existing configuration will be removed and replaced with the restored backup config. Use caution if applying this configuration to a different unit.
View your Restored Custom Cipher Sets
Navigate to Certificates & Security -> Cipher Sets -> Cipher set and the custom sets will be in the drop-down.
A workaround for this would be to use our API.
You could first pull the cipher set using the command below:
https://IP of LM/access/getcipherset?name=cipher set name
This will give you a list of the ciphers in that set name.
Then you could go to your new LM or another one and paste those values in using the command below:
https://IP of LM/access/modifycipherset?name=Name of cipher set&value=ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:DES-CBC3-SHA
The value is the actual cipher names separated by colons.
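The copy step described above, as an added Python example that is not part of the original thread or Kemp's own code: it builds one modifycipherset URL per LoadMaster from a colon-separated value and flags entries to review before the set is replicated. The host addresses, the set name "Corp Set", the function names and the review policy in WEAK_MARKERS are assumptions; nothing is sent over the network.

```python
from urllib.parse import urlencode, quote

# Review policy assumed for this example; adjust to your own baseline.
WEAK_MARKERS = {
    "DES-CBC3": "3DES, 64-bit block cipher",
    "RC4": "RC4 stream cipher",
    "NULL": "no encryption",
    "EXP-": "export-grade key size",
    "MD5": "MD5-based MAC",
}

def parse_cipher_value(value):
    """Split the colon-separated value into an ordered list without duplicates."""
    ciphers = []
    for name in (part.strip() for part in value.split(":")):
        if name and name not in ciphers:
            ciphers.append(name)
    return ciphers

def audit(ciphers):
    """Return {cipher: [reasons]} for entries worth reviewing before rollout."""
    findings = {}
    for cipher in ciphers:
        reasons = [why for marker, why in WEAK_MARKERS.items() if marker in cipher]
        # TLS 1.3 suite names (TLS_...) always use ephemeral key exchange.
        if not cipher.startswith(("ECDHE-", "DHE-", "TLS_")):
            reasons.append("key exchange is not authenticated ECDHE/DHE")
        if reasons:
            findings[cipher] = reasons
    return findings

def modify_url(host, set_name, ciphers):
    """Build the modifycipherset call shown above, with the name URL-encoded."""
    query = urlencode({"name": set_name, "value": ":".join(ciphers)},
                      safe=":", quote_via=quote)
    return f"https://{host}/access/modifycipherset?{query}"

def rollout_plan(hosts, set_name, value):
    """One modifycipherset URL per LoadMaster, plus the audit findings."""
    ciphers = parse_cipher_value(value)
    return [modify_url(h, set_name, ciphers) for h in hosts], audit(ciphers)

if __name__ == "__main__":
    # Value copied from the modifycipherset example above; hosts are constructed.
    value = "ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:DES-CBC3-SHA"
    urls, findings = rollout_plan(["192.0.2.10", "192.0.2.11"], "Corp Set", value)
    for cipher, reasons in findings.items():
        print(f"review {cipher}: {', '.join(reasons)}")
    print(*urls, sep="\n")
```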
That saved my day!
Thanks a lot for your advice. If I am allowed to make another wish - it would be nice to have an Ansible module, for creating/changing/deleting Cipher Sets.
Great! Glad it worked. As for the Ansible stuff I am going to give you a link to our ideas portal. You can request this and our PM team will see this and also other customers. I know in the past we have dabbled in Ansible on our K360 Central product, but in the LoadMaster itself not much has gone into it as far as I know.
Thanks a lot. I'll give it a try.
We have a bunch of Loadmasters and we want to use the same Cipher-Set on every machine. It is a bit annoying to do a click-orgy on every machine. It would be nice to save and restore only the Cipher-Set.