Skip to main content

cryptomode command

Use this command to display and configure the compliance mode with the exceptions for encryption.

The following table shows the arguments for the options.

Table 1. cryptomode command.

The following table is a multi-row three column table consisting of the options, option descriptions, and associated values for the options.

OptionDescriptionValues
-setSelect the compliance modebasic, NIST1
-esnmpv3Allow or disallow SNMPv3 accounts to operate in a non-compliant manner with the NIST compliance modeenable, disable
-hList the usage and options 
  1. If the compliance mode is set to NIST, the TLS level must be set to 1.2.
Syntax:
cryptomode [<em className="ph i">options</em>]
options:
-set <em className="ph i">basic|nist</em>
-esnmpv3 <em className="ph i">enabled|disabled</em>
-h <em className="ph i">usage_options</em>

Examples:

To set the cryptomode to basic, type the following command:
system> cryptomode
-set basic
ok
system> cryptomode
Mode Exceptions
Basic Compatibility
system>
To set the cryptomode to NIST Strict, type following command:
system> cryptomode
-set NIST
ok
system> cryptomode
Mode Exceptions
NIST SP 800-131A
system>
To set the cryptomode to NIST Strict and allow SNMP in the compatible mode, type following command:
system> cryptomode
-set NIST -esnmpv3 enabled
ok
system> cryptomode
Mode Exceptions
NIST SP 800-131A allow SNMPv3 accounts
system>
If there are certificates or key strengths that are not compatible with the NIST mode; the command fails and an error message is generated. The compliance mode is not changed See the following example:
system> cryptomode
-set NIST
LDAP Server 1 certificate invalid
fail
system>