HPE Community
HPE Nimble Storage Solution Specialists
1820592 Members
1853 Online
109626 Solutions
New Discussion

How to check supported ciphers (SSH and SSL) on Nimble- Alletra 5K-6K storage arrays ?

 
buzzsubash
HPE Pro

Tuesday - last edited Tuesday by

Tuesday - last edited Tuesday by

How to check supported ciphers (SSH and SSL) on Nimble- Alletra 5K-6K storage arrays ?

You may check using nmap scan, using command nmap --script ssl-enum-ciphers -p 443 < IP address>. Below is a sample output that shows TLS1.2 is enabled. (Tested on our internal lab array running Nimble OS) 6.1.2.700

For SSL
nmap --script ssl-enum-ciphers -p 443 <IP address>

 

Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-24 16:01 +08

Nmap scan report for<IP address>

Host is up (0.085s latency).

 

PORT    STATE SERVICE

443/tcp open  https

| ssl-enum-ciphers:

|   TLSv1.2:

|     ciphers:

|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A

|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A

|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A

|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A

|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A

|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A

|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A

|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A

|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A

|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A

|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A

|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A

|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 3072) - A

|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 3072) - A

|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 3072) - A

|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A

|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 3072) - A

|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A

|     compressors:

|       NULL

|     cipher preference: server

|     warnings:

|       Key exchange (dh 2048) of lower strength than certificate key

|_  least strength: A

 

For SSH

This can be verified using command nmap --script ssh2-enum-algos -p 22 <IP address>

 

Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-24 16:13 +08

Nmap scan report for <IP address>

Host is up (0.086s latency).

 

PORT   STATE SERVICE

22/tcp open  ssh

| ssh2-enum-algos:

|   kex_algorithms: (7)

|       ecdh-sha2-nistp256

|       ecdh-sha2-nistp384

|       ecdh-sha2-nistp521

|       diffie-hellman-group-exchange-sha256

|       diffie-hellman-group16-sha512

|       diffie-hellman-group18-sha512

|       diffie-hellman-group14-sha256

|   server_host_key_algorithms: (3)

|       ssh-rsa

|       rsa-sha2-512

|       rsa-sha2-256

|   encryption_algorithms: (3)

|       aes128-ctr

|       aes192-ctr

|       aes256-ctr

|   mac_algorithms: (4)

|       hmac-sha2-256

|       hmac-sha2-512

|       hmac-sha2-256-etm@openssh.com

|       hmac-sha2-512-etm@openssh.com

|   compression_algorithms: (2)

|       none

|_      zlib@openssh.com

Subash Geetha Krishnan
HPE Services – Hybrid Cloud Support

I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.