cryptomode command

Use this command to display and configure the compliance mode with the exceptions for encryption.

The following table shows the arguments for the options.

Table 1. cryptomode command.
The following table is a multi-row three column table consisting of the options, option descriptions, and associated values for the options.
Option	Description	Values
-set	Select the compliance mode	basic, NIST¹
-esnmpv3	Allow or disallow SNMPv3 accounts to operate in a non-compliant manner with the NIST compliance mode	enable, disable
-h	List the usage and options
If the compliance mode is set to NIST, the TLS level must be set to 1.2.

Syntax:

cryptomode [<em className="ph i">options</em>]
  options: 
   -set <em className="ph i">basic|nist</em>
   -esnmpv3 <em className="ph i">enabled|disabled</em>
   -h <em className="ph i">usage_options</em>

Examples:

To set the cryptomode to basic, type the following command:

system> cryptomode
-set basic
ok
system> cryptomode
Mode                Exceptions
Basic Compatibility
system>

To set the cryptomode to NIST Strict, type following command:

system> cryptomode
-set NIST
ok
system> cryptomode
Mode                Exceptions
NIST SP 800-131A
system>

To set the cryptomode to NIST Strict and allow SNMP in the compatible mode, type following command:

system> cryptomode
-set NIST -esnmpv3 enabled
ok
system> cryptomode
Mode                Exceptions
NIST SP 800-131A    allow SNMPv3 accounts
system>

If there are certificates or key strengths that are not compatible with the NIST mode; the command fails and an error message is generated. The compliance mode is not changed See the following example:

system> cryptomode
-set NIST
LDAP Server 1 certificate invalid
fail
system>

Give feedback