Manuals / Lantronix / Computer Equipment / Network Card

Lantronix EDS16PR SSL Settings, SSL Cipher Suites, Security Settings, 13 Supported Cipher Suites

Models: EDS8PR EDS16PR EDS4100 EDS16PS EDS8PS EDS32PR

1 163

Download 163 pages 27.88 Kb

Page 103

SSL Settings

12: Security Settings

SSL Settings

Secure Sockets Layer (SSL) is a protocol for managing the security of data transmission over the Internet. It provides encryption, authentication, and message integrity services. SSL is widely used for secure communication to a web server.

Certificate/Private key combinations can be obtained from an external Certificate Authority (CA) and downloaded into the unit. Self-signed certificates with associated private key can be generated by the device server itself.

For more information regarding Certificates and how to obtain them, see SSL Certificates and Private Keys (on page 104).

SSL uses digital certificates for authentication and cryptography against eavesdropping and tampering. Sometimes only the server is authenticated, sometimes both server and client. The EDS can be server and/or client, depending on the application. Public key encryption systems exchange information and keys and set up the encrypted tunnel.

Efficient symmetric encryption methods encrypt the data going through the tunnel after it is established. Hashing provides tamper detection.

Applications that can make use of SSL are Tunneling, Secure Web Server, and WLAN interface. The EDS supports SSlv3 and its successors, TLS1.0 and TLS1.1.

Note: An incoming SSlv2 connection attempt is answered with an SSlv3 response. If the initiator also supports SSLv3, SSLv3 handles the rest of the connection.

SSL Cipher Suites

The SSL standard defines only certain combinations of certificate type, key exchange method, symmetric encryption, and hash method. Such a combination is called a cipher suite. Supported cipher suites include the following:

Table 12-13Supported Cipher Suites

Certificate	Key Exchange	Encryption	Hash

DSA	DHE	3DES	SHA1

RSA	RSA	128 bits AES	SHA1

RSA	RSA	Triple DES	SHA1

RSA	RSA	128 bits RC4	MD5

RSA	RSA	128 bits RC4	SHA1

RSA	1024 bits RSA	56 bits RC4	MD5

RSA	1024 bits RSA	56 bits RC4	SHA1

RSA	1024 bits RSA	40 bits RC4	MD5

Whichever side is acting as server decides which cipher suite to use for a connection. It is usually the strongest common denominator of the cipher suite lists supported by both sides.

EDS User Guide

103

Image 103

Lantronix EDS16PR, EDS32PR SSL Settings, SSL Cipher Suites, Security Settings, 13 Supported Cipher Suites, EDS User Guide

Contents

 EDS4100  EDS8PS  EDS16PS  EDS8PR  EDS16PR  EDS32PR EDS Device Servers/Terminal Servers User GuidePart Number 900-433 Revision I April Disclaimer WarrantyCopyright & Trademark ContactsComments Revision HistoryEDS User Guide Date2 Introduction Table of Contents3 Installation of EDS8PS and EDS16PS 1 About This GuideEDS User Guide 4 Installation of EDS41005 Installation of EDS8PR, EDS16PR and EDS32PR 6 Using DeviceInstaller10 Terminal and Host Settings 7 Configuration Using Web Manager8 Network Settings 9 Line and Tunnel SettingsEDS User Guide 12 Security Settings14 Maintenance and Diagnostics Settings 13 Modbus18 Updating Firmware 15 Advanced Settings16 VIP Settings 17 Branding the EDSAppendix A - Technical Support EDS User Guide List of FiguresEDS User Guide Figure 11-18 LPD ConfigurationEDS User Guide List of TablesTable 16-3 VIP Counters149 Table 15-3 Email Configuration135 Table 15-6 CLI ConfigurationTable 15-8 XML Export Configuration140 Table 15-10 XML Export Status Table 15-16 XML Import Lines from Single Line SettingsEDS32PR, EDS8PS and EDS16PS 1 About This GuideNote Modbus is only available on the EDS4100 and is not supported on the EDS8PR, EDS16PR1 About This Guide EDS Command ReferenceDeviceInstaller Online Help Additional Documentation EDS8PS and EDS16PS Overview  EDS4100 Overview 2 Introduction Protocol Support  Evolution OS  Additional Features  Configuration Methods  Addresses and Port NumbersEDS User Guide FeaturesEDS8PS and EDS16PS Overview 2 IntroductionEDS4100 Overview Featuresenable asynchronous RS-232 and See Chapter 4 Installation of EDS4100 for installation instructionsEDS User Guide FeaturesEDS8PR, EDS16PR, and EDS32PR Overview 2 Introduction2 Introduction ApplicationsProtocol Support Evolution OSModem Emulation Web-Based Configuration and TroubleshootingCommand-Line Interface CLI VIP Access2 Introduction Configuration MethodsTroubleshooting Capabilities Terminal Server/Device Management2 Introduction Hardware AddressIP Address Port NumbersEDS User Guide Product Information Label2 Introduction UDP Port 10003 Tunnel 3, etcEDS User Guide 3 Installation of EDS8PS and EDS16PSPackage Contents User-Supplied ItemsNote The console port cannnot be used as a serial port 3 Installation of EDS8PS and EDS16PSSerial Ports Console PortEthernet Port Reset ButtonReboot the device 3 Installation of EDS8PS and EDS16PSFinding a Suitable Location Connecting the EDS8/16PSRestore factory defaults 3 Installation of EDS8PS and EDS16PSEDS User Guide 3 Installation of EDS8PS and EDS16PSFigure 3-5 Example of EDS8/16PS Connections Identifying Hardware Components 4 Installation of EDS4100Package Contents User-Supplied ItemsEDS User Guide 4 Installation of EDS4100 All four serial ports are configured as DTE Serial Ports Ports 1 & 3 support up to  Ports 2 & 4 support up to 4 Installation of EDS4100Note Multi-drop connections are supported in 2-wire mode only Ethernet PortLEDs Terminal Block ConnectorReset Button 4 Installation of EDS4100Connect the EDS4100 to one or more serial devices Connecting the EDS41004 Installation of EDS4100 Finding a Suitable LocationEDS User Guide 4 Installation of EDS4100Figure 4-7 Example of EDS4100 Connections EDS User Guide 5 Installation of EDS8PR, EDS16PR and EDS32PRPackage Contents User-Supplied Items The EDS8PR has 8 serial ports  The EDS16PR has 16 serial ports 5 Installation of EDS8PR, EDS16PR and EDS32PRSerial Ports Console PortEDS User Guide 5 Installation of EDS8PR, EDS16PR and EDS32PREthernet Port LEDsFinding a Suitable Location Reset ButtonConnecting the EDS8/16/32PR 5 Installation of EDS8PR, EDS16PR and EDS32PREDS User Guide 5 Installation of EDS8PR, EDS16PR and EDS32PRFigure 5-5 Example of EDS16PR Connections Device Details Summary 6 Using DeviceInstallerAccessing EDS Using DeviceInstaller DeviceInstallerEDS User Guide 6 Using DeviceInstallerDevice Family  Navigating the Web Manager  Table 7-3 Summary of Web Manager Pages 7 Configuration Using Web Manager Accessing Web Manager  Web Manager Page Components To access Web Manager, perform the following stepsFigure 7-1 Web Manager Home Page 7 Configuration Using Web ManagerDevice Status Page EDS User GuideLogout Link 7 Configuration Using Web ManagerInformation Instructions Help Menu Bar Configuration Status Area Links to Subpages HeaderEDS User Guide 7 Configuration Using Web ManagerNavigating the Web Manager Table 7-3 Summary of Web Manager PagesDescription 7 Configuration Using Web ManagerEDS User Guide Web Manager PageTo view the network interface status 8 Network Settings Network 1 eth0 Interface Configuration  Network 1 Ethernet Link  Network 1 eth0 Interface StatusEDS User Guide Network 1 eth0 Interface Configuration8 Network Settings To view and configure network interface settingsEDS User Guide 8 Network SettingsConfiguration SettingsEDS User Guide 8 Network SettingsTo view and configure the Ethernet link Network 1 Ethernet LinkLine Statistics 9 Line and Tunnel SettingsLine Settings  Line Settings  Tunnel SettingsEDS User Guide Line Configuration9 Line and Tunnel Settings To configure a specific lineSettings 9 Line and Tunnel SettingsTable 9-3 Line Configuration Line - ConfigurationTable 9-5 Line Command Mode Line Command Mode9 Line and Tunnel Settings To configure Command Mode on a specific line5. Click Submit 9 Line and Tunnel Settings Tunnel - Statistics  Tunnel - Serial Settings  Tunnel - Packing ModeTunnel - Statistics 9 Line and Tunnel Settings Tunnel - Accept Mode  Tunnel - Connect Mode  Tunnel - Disconnect Mode  Tunnel - Modem EmulationEDS User Guide 9 Line and Tunnel SettingsFigure 9-6 Tunnel 1 Statistics Table 9-8 Tunnel - Serial Settings Tunnel - Serial Settings9 Line and Tunnel Settings To configure serial settings for a specific tunnel5. Click Submit Tunnel - Packing Mode9 Line and Tunnel Settings To configure the Packing Mode for a specific tunnelFigure 9-11 Tunnel 1 Packing Mode Mode = Send Character 9 Line and Tunnel Settings4. Enter or modify the following settings Figure 9-10 Tunnel 1 Packing Mode Mode = TimeoutSettings 9 Line and Tunnel SettingsTable 9-12 Tunnel Packing Mode Tunnel - Packing ModeEDS User Guide Tunnel - Accept Mode9 Line and Tunnel Settings To configure the Accept Mode of a specific tunnelSettings 9 Line and Tunnel SettingsTable 9-14 Tunnel Accept Mode Tunnel - Accept Mode5. Click Submit 9 Line and Tunnel SettingsTunnel - Accept Mode Settings continued TCP  AES encryption over TCP and UDP Tunnel - Connect Mode9 Line and Tunnel Settings  Disable Modem Emulation 9 Line and Tunnel SettingsTo configure Connect Mode for a specific tunnel  Modem Control AssertedSettings 9 Line and Tunnel SettingsTable 9-16 Tunnel Connect Mode Tunnel - Connect Mode When you configure Tunnel - Connect Mode, you can specify a number 9 Line and Tunnel SettingsTunnel - Connect Mode Settings continuedTo promote a specific Host Connecting Multiple Hosts9 Line and Tunnel Settings Host List PromotionTable 9-19 Tunnel Disconnect Mode Tunnel - Disconnect Mode9 Line and Tunnel Settings To configure the Disconnect Mode for a specific tunnel5. Click Submit 9 Line and Tunnel SettingsTable 9-20 Modem Emulation Commands and Descriptions Tunnel - Modem EmulationEDS User Guide 9 Line and Tunnel SettingsTable 9-20 Modem Emulation Commands and Descriptions continued To configure modem emulation for a specific tunnelEcho Commands 9 Line and Tunnel SettingsEmulation Settings Select Enabled to echo +++ when entering modem Command ModeTo configure a specific line to support an attached terminal 10 Terminal and Host SettingsLine Terminal Configuration  Terminal Settings  Host ConfigurationEDS User Guide 10 Terminal and Host SettingsTable 10-2 Terminal on Line 1 Configuration Configuration SettingsTable 10-4 Terminal on Network Configuration Network Terminal Configuration10 Terminal and Host Settings To configure menu features applicable to CLI access via the networkTable 10-6 Host Configuration Host Configuration10 Terminal and Host Settings To configure a selected remote hostTo view the DNS status 11 Service Settings DNS Settings  SNMP Settings  FTP Settings  TFTP Settings  Syslog Settings  HTTP Settings  RSS Settings  LPD SettingsTo clear cache entries 11 Service SettingsTo configure SNMP To find a DNS Name or IP AddressEDS User Guide FTP Settings11 Service Settings To configure FTPSelect Enabled to enable the FTP server 11 Service SettingsTable 11-5 FTP Settings FTP SettingsNote TFTP cannot authenticate the client, so the device is open to 11 Service SettingsTo configure TFTP TFTP SettingsEDS User Guide 11 Service SettingsTo configure the Syslog Syslog SettingsTo view HTTP statistics HTTP Settings11 Service Settings HTTP StatisticsTable 11-12 HTTP Configuration HTTP Configuration11 Service Settings To configure HTTPthe SSL configuration section to use HTTPS 11 Service SettingsHTTP Configuration Settings continuedTable 11-14 HTTP Authentication HTTP Authentication11 Service Settings To configure HTTP authentication settings3. Click Submit RSS Settings11 Service Settings To configure RSS settingsTo view LPD statistics for a specific LPD line LPD Settings11 Service Settings LPD StatisticsTable 11-19 LPD Configuration LPD Configuration11 Service Settings To configure LPD settings for a specific LPD lineEDS User Guide 11 Service SettingsLPD Configuration Settings continued SSH Client Known Hosts  SSH Client Users  SSL Cipher Suites 12 Security Settings SSL Configuration  SSH Server Host Keys  SSH Server Authorized UsersEDS User Guide 12 Security SettingsSSH Server Host Keys To upload SSH server host keys generated from PuTTYEDS User Guide 12 Security SettingsTable 12-2 SSH Server Host Keys Settings - Upload Keys Method 6. Click Submit To upload SSH server host RFC4716 format keys5. Click Submit 12 Security SettingsTable 12-4 SSH Server Host Keys Settings - Upload Keys Method Settings continuedEDS User Guide 12 Security SettingsTable 12-6 SSH Server Host Keys Settings - Create New Keys Method To create new SSH server host keys3. Click Submit 12 Security SettingsTo configure the SSH server for authorized users SSH Server Authorized UsersEnter the name of the user authorized to access the SSH server 12 Security SettingsTable 12-8 SSH Server Authorized User Settings SettingsAddress in Connect mode tunneling 12 Security SettingsTo configure the SSH client for known hosts Known Hosts SettingsEDS User Guide 12 Security SettingsTo configure the SSH client users SSH Client UsersTable 12-12 SSH Client Users 12 Security SettingsSettings is a command shellTable 12-13 Supported Cipher Suites SSL Settings12 Security Settings SSL Cipher SuitesSSL Certificates and Private Keys 12 Security SettingsSSL Certificates SSL RSA or DSASteel Belted RADIUS 12 Security SettingsSSL Utilities OpenSSLEDS User Guide SSL Configuration12 Security Settings To configure SSL settingsTable 12-15 SSL 12 Security SettingsSSL Settings EDS User GuideEDS User Guide 12 Security SettingsSSL Settings continued 3. Click SubmitTable 13-2 Modbus Transmission Modes 13 Modbus Modbus Statistics  Modbus Configuration Table 13-1 6 Byte Header of Modbus Application ProtocolEDS User Guide Modbus Statistics13 Modbus To view modbus statisticsSettings To view and configure the Modbus ServerTable 13-5 Modbus Configuration Modbus ConfigurationFilesystem Statistics 14 Maintenance and Diagnostics Settings Filesystem Settings  Protocol Stack Settings  IP Address Filter  Query Port  Diagnostics  System SettingsEDS User Guide 14 Maintenance and Diagnostics SettingsFilesystem Browser To browse the filesystemEDS User Guide 14 Maintenance and Diagnostics SettingsSettings Table 14-3 Filesystem BrowserTable 14-5 TCP Protocol Settings TCP Settings14 Maintenance and Diagnostics Settings To configure the TCP network protocolTo configure the network protocol settings for IP IP SettingsICMP Settings 14 Maintenance and Diagnostics SettingsICMP Settings 14 Maintenance and Diagnostics SettingsTable 14-9 ICMP Settings DisabledTable 14-11 ARP Settings ARP Settings14 Maintenance and Diagnostics Settings To configure the ARP network protocolTable 14-13 SMTP Settings SMTP Settings14 Maintenance and Diagnostics Settings To configure the SMTP network protocol3. Click Add 14 Maintenance and Diagnostics SettingsTo configure the IP address filter Table 14-15 IP Address Filter Settings3. Click Submit 14 Maintenance and Diagnostics SettingsTo configure the query port server Query PortHardware Diagnostics14 Maintenance and Diagnostics Settings To display hardware diagnosticsTable 14-19 Requests for Comments RFCs 14 Maintenance and Diagnostics SettingsMIB-II Statistics To view MIB-II statisticsTo display open IP sockets 14 Maintenance and Diagnostics SettingsIP Sockets PingPing Settings 14 Maintenance and Diagnostics SettingsTable 14-22 Diagnostics Ping DiagnosticsTo use Traceroute 14 Maintenance and Diagnostics SettingsTable 14-24 Diagnostics Traceroute TracerouteTo use diagnostics logging 14 Maintenance and Diagnostics SettingsEDS User Guide 4. Click Submit 14 Maintenance and Diagnostics SettingsFigure 14-27 Diagnostics Log Line  Severity Level specifies the level of system message to be loggedTo display memory statistics 14 Maintenance and Diagnostics SettingsMemory Buffer PoolsNote The Adobe SVG plug-in is required to view the CPU Load Graph 14 Maintenance and Diagnostics SettingsProcesses To display the processes running and their associated statisticsFigure 14-30 Diagnostics Processes 14 Maintenance and Diagnostics SettingsEDS User Guide To configure system settings 14 Maintenance and Diagnostics SettingsTo configure Real Time Clock settings Table 14-32 Real Time Clock SettingsEDS User Guide 14 Maintenance and Diagnostics SettingsSystem Settings Note Close and reopen the web manager browser upon a firmware updateEmail Statistics 15 Advanced SettingsEmail Settings  Email Settings  Command Line Interface Settings  XML SettingsTable 15-3 Email Configuration Email Configuration15 Advanced Settings To configure email settings5. Click Submit 15 Advanced SettingsEmail - Configuration Settings continuedCLI Statistics CLI Configuration15 Advanced Settings To configure the CLIConfiguration Settings 15 Advanced SettingsTable 15-6 CLI Configuration Command Line InterfaceEDS User Guide XML Settings15 Advanced Settings gigiTable 15-8 XML Export Configuration XML Export Configuration15 Advanced Settings To export the system configurationTable 15-10 XML Export Status 15 Advanced SettingsXML Export Status To export the system statusEDS User Guide XML Import ConfigurationImport Configuration from External File 15 Advanced SettingsFigure 15-13 XML Import from Filesystem Import Configuration from the Filesystem15 Advanced Settings EDS User GuideNote By default, all groups are checked except those pertaining 15 Advanced SettingsImport Configuration from Filesystem SettingsEDS User Guide Import Lines from Single Line Settings on the Filesystem15 Advanced Settings To modify Single Line Settings on the FilesystemEDS User Guide 15 Advanced SettingsTable 15-16 XML Import Lines from Single Line Settings Import Lines Settings Virtual IP VIP Configuration 16 VIP Settings Obtaining a Bootstrap File  Importing the Bootstrap File  Enabling VIP  Configuring Tunnels to Use VIPVirtual IP VIP Statistics Configuring Tunnels to Use VIP16 VIP Settings Enabling VIPTable 16-3 VIP Counters 16 VIP SettingsTo view EDS VIP settings To configure the EDS VIP settings Web Manager Customization  Short and Long Name Customization 17 Branding the EDSWeb Manager Customization Short and Long Name CustomizationTo upload new firmware 18 Updating FirmwareObtaining Firmware Loading New FirmwareEmail eutechsupp@lantronix.com or eusupport@lantronix.com Appendix A - Technical SupportTechnical Support US Technical Support Europe, Middle East, AfricaTable 20-1 Binary to Hexadecimal Conversion Table Appendix B - Binary to Hexadecimal ConversionsConverting Binary to Hexadecimal Conversion TableScientific Calculator 1. On the Windows Start menu, click Programs Accessories CalculatorEDS User Guide Manufacturer’s Name & Address Appendix C - ComplianceRF Common Mode Conducted Susceptibility Power Frequency Magnetic Field ImmunityEDS User Guide Lithium Battery NoticeInstallationsanweisungen RackmontageInput Supply EnergiezufuhrErdung Rack MountingDescription Appendix D - Lantronix Cables and AdaptersEDS User Guide Lantronix P/NEDS User Guide EDS User Guide EDS User Guide EDS User Guide Page Components 45 Page Summary XML Export Configuration Export Status Import System ConfigurationXML Settings XML-Based Architecture Web Manager Device Status Web Page 44 Navigating