Gen3 Logger disable SSL/TLS cipher-algorithms

The following information is an advanced configuration option for 3rd generation DAS products, which include the A7810, A8810, A8812, and A8814.

We currently support up to TLS 1.2 in this product, and TLS 1.3 in our latest EMHXD/A8820

To disable or enable certain ciphers, it cannot be done from the web interface of the logger. Someone with an IT background or has SSH, TELNET, or FTP experience with their PC will be the best person to execute these changes.

Editing the config improperly may cause the unit to need to be factory reset or worse case, completely inoperable.

Suggested steps:

1. Log into the web interface of your logger, go to System > Backup/Restore, and create a backup. The file should get downloaded to your PC.
2. Navigate to Networking > Setup, and enable SSH, TELNET, or FTP; whichever will be your preferred method to make the changes. Save. Reboot if the logger recommends it.
3. Log into the data logger via SSH, TELNET, or FTP. Use root as the username, and the use the admin login password.
4. Head to directory /mnt/main/sysconfig . Edit the loggerconfig.ini file.
5. Locate if there is a line item for "SSLUPLOAD_CIPHERS=". If there isn't, add a new line.
6. On this line, add an exclamation point on items you wish to disable, or remove them to enable. The example line below disables TLS 1.0 and 1.1.
   

   SSLUPLOAD_CIPHERS="kEECDH+ECDSA+AESGCM kEECDH+AESGCM kEDH+AESGCM kEECDH+ECDSA kEECDH kEDH !TLSv1 !TLSv1.1 +SHA HIGH !RC4 !3DES !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !IDEA !SEED"

7. Save/upload changes. If TELNET/SSH, can type command "sync", then "reboot". Otherwise head to the web interface, head to System > Status, and click Reboot.
8. Once rebooted, head to the web interface location SSL > Setup, and your changes should now appear indicating success.
9. Return SSH/TELNET/FTP settings to their appropriate previous setting.

You may then wish to validate with a third party tool.