Managing post-quantum cryptography (PQC) mode from the deduplication shell
You can enable post-quantum cryptography (PQC) mode on a WORM storage server to enable use of the PQC algorithm in TLS 1.3 Hybrid Key Exchange. PQC mode can be enabled only if FIPS mode is disabled.
To learn more about PQC support in NetBackup, refer to the NetBackup Security and Encryption guide.
Caution:
NetBackup uses the OQS provider to support post-quantum cryptography (PQC) for secure communications. While the OQS provider is a significant step towards preparing for a quantum-safe future, it is currently widely used in experimental and research environments. Cohesity recommends that you thoroughly assess all associated risks and ensure that its usage aligns with your organization's security policies and compliance requirements before enabling PQC mode.
Use the following procedures to manage PQC mode.
To check if PQC mode is enabled or disabled
- Open an SSH session on the server as the msdpadm user.
- Run the following command:
setting PQC status
To enable PQC mode
- Open an SSH session on the server as the msdpadm user.
- Run the following command:
setting PQC enable
To disable PQC mode
- Open an SSH session on the server as the msdpadm user.
- Run the following command:
setting PQC disable