No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Operation Guide 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Configure the eIMS Management to Support the Anonymous Authentication Algorithm

How Do I Configure the eIMS Management to Support the Anonymous Authentication Algorithm

NOTE:

Anonymous authentication algorithms are insecure and have network security risks. You are advised to disable eSight to support the anonymous authentication algorithms after the NE is upgraded to a version supporting secure algorithm suites.

Procedure

The procedure is similar in the SUSE Linux operating system and Windows operating system. The following uses the SUSE Linux operating system as an example.

  1. Log in to the eSight server as the ossuser user. For a DR system, log in to the active eSight server.
  2. Optional: Back up the cipherSuiteConfig.xml file.

    su - root

    cd eSight installation directory/AppBase/etc/eims/eimsne/neconnection/ssl/

    cp cipherSuiteConfig.xml /opt/

  3. Modify the cipherSuiteConfig.xml file.

    su - ossuser

    cd eSight installation directory/AppBase/etc/eims/eimsne/neconnection/ssl/

    vi cipherSuiteConfig.xml

    • In the <DESC descname="TLSv1.1"> area, modify value of name="all".

      Add the TLS_DH_anon_WITH_AES_256_CBC_SHA and TLS_ECDH_anon_WITH_AES_256_CBC_SHA algorithms at the end of value. Use a colon (:) to separate the algorithms.

    • In the <DESC descname="TLSv1.2"> area, modify value of name="all".

      Add the TLS_ECDH_anon_WITH_AES_256_CBC_SHA and TLS_DH_anon_WITH_AES_256_CBC_SHA256 algorithms at the end of value. Use a colon (:) to separate the algorithms.

    • In the <DESC descname="ipsi"> area, modify value of name="STARDARD_SSL_anon_set".

      Add the TLS_DH_anon_WITH_AES_256_CBC_SHA256 and TLS_DH_anon_WITH_AES_256_CBC_SHA algorithms at the end of value. Use a colon (:) to separate the algorithms.

  4. Press Esc and run the :wq command to close the configuration file.
  5. Restart eSight for the configuration to take effect.

    1. Stop eSight.
      • For a single-node system, perform operations in "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.
      • For a DR system, stop the standby eSight server and then stop the active eSight server. For details, see "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.
    2. Start eSight.
      • For a single-node system, perform operations in "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.
      • For a DR system, start the active eSight server and then start the standby eSight server. For details, see "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.

Translation
Download
Updated: 2019-09-12

Document ID: EDOC1100044378

Views: 69347

Downloads: 371

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next