How can we help?

The latest application delivery knowledge and expertise at your fingertips.

How To Create & Restore Custom Cipher Sets

This article will show you how to create and restore a custom cipher set on the Loadmaster.

Creating a Custom Cipher Set

Prerequisite: Make sure you are offloading on the VS and have a certificate assigned.

Please navigate to Certificates and Security -> Cipher Sets -> Cipher Set Management

custom_ciphers.png

In the screenshot above, the ciphers that are in Available Ciphers that are highlighted blue are already assigned to the Assigned Ciphers

Please use the Filter field to filter ciphers and locate specific ciphers you want to use without scrolling through the whole list.list

If you want to add a cipher from the available Ciphers list to the assigned Cipher, drop & drag them across. Click the specific cipher that you want to assign into the assigned cipher set. Any of the ciphers that was just moved into assigned ciphers is now highlighted blue.

Once completed, the Customer Cipher Set can then be saved by entering in a Custom Cipher Set name  by selecting the  "Save" option.

Now that it is saved, you can navigate to the virtual service that you want to use the cipher set in and chose the new custom cipher set.

 

Restoring a Customer Cipher Set

Prerequisite:  User needs to already have a backup file saved to restore the previous Cipher Set configuration.

This is intended for users who may have lost the custom cipher set or made an unintended change to the cipher set. 

 

Restoring Custom Cipher Set (LoadMaster Base Configuration upload)

1. Navigate to the Loadmaster where the configurations will be restored to.

2. Navigate to System Configuration > System Administration > Backup/Restore.

3. Click Choose File.

4. Browse to and select the backup file.

5. Check LoadMaster Base Configuration.

6. Restore Configuration.

 Image_11.png

Note. This is a base configuration upload. This will require a reboot of the unit. All existing configuration will be removed and replaced with the restored backup config. Use caution if applying this configuration to a different unit.

View your Restored Custom Cipher Sets

Navigate to Certificates & Security -> Cipher Sets -> Cipher set and the custom sets will be in the drop-down.


Comments

Avatar

Werner Thal

We have a bunch of Loadmasters and we want to use the same Cipher-Set on every machine. It is a bit annoying to do a click-orgy on every machine. It would be nice to save and restore only the Cipher-Set.

0

Avatar

Nick Smylie

Hi @werner.thal

A work around for this would be to use our API
https://support.kemptechnologies.com/hc/en-us/articles/203863435-RESTful-API#MadCap_TOC_64_3

You could first pull the cipher set using the command below:

https://IP of LMaccess/getcipherset?name=cipher set name

This will give you a list of the ciphers in that set name.
Then you could go to your new LM or another one and past those values in using the command below:

https://IP of LM/access/modifycipherset?name=Name of cipher set&value=ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:DES-CBC3-SHA

The value is the actual cipher name separated by colon.

0

Avatar

Werner Thal

Hey Nick,

that saved my day!

Thanks a lot for your advice. If I am allowed to make another wish - it would be nice to have an Ansible module, for creating/changing/deleting Cipher Sets.

 

 

0

Avatar

Nick Smylie

Great!  Glad it worked.  As for the anisble stuff I am going to give you a link to our ideas portal.  You can request this and our PM team will see this and also other customers.  I know in the past we have dabbled in Anisble on our K360 Central product, but in the LoadMaster itself not much has gone into it as far as I know.

https://ideas.kemp.ax/

0

Avatar

Werner Thal

Thanks a lot. I'll give it a try.

0