SECURE_PROXY_CIPHER_LIST option for NetBackup servers and clients
The SECURE_PROXY_CIPHER_LIST option configures the ciphers that NetBackup uses for OpenSSL to encrypt communication through the vnetd network daemon. The SECURE_PROXY_CIPHER_LIST option is a colon-separated list of permitted OpenSSL cipher strings. For the permitted cipher strings, requirements, and limitations, see the OpenSSL cipher documentation.
You can use this option to change the ciphers that NetBackup uses. If you configure this option, NetBackup writes a message about your configured cipher strings to the vnetd nbpxyhelper VxUL logs. The following is an example:
"Using user configured cipher list: cipher_string:cipher_string:...
Warning:
Be careful when you configure the SECURE_PROXY_CIPHER_LIST option. Permitted OpenSSL lower-level primitives may overlap with the ciphers that provide no authentication or no encryption. Hosts that do not have a cipher in common in their cipher lists cannot communicate with each other.
Table: SECURE_PROXY_CIPHER_LIST information
Usage | Description |
|---|---|
Where to use | On NetBackup master servers, media server, or clients. |
How to use | Use the nbgetconfig and the nbsetconfig commands to view, add, or change the option. For information about these commands, see the NetBackup Commands Reference Guide. Use the following format: SECURE_PROXY_CIPHER_LIST = cipher_string:cipher_string:cipher_string:... Replace cipher_string with a permitted OpenSSL cipher string. By default, the SECURE_PROXY_CIPHER_LIST option is not present in the configuration file. |
Equivalent Administration Console property |
No equivalent exists in the NetBackup Administration Console host properties. |