Use the TCP/IP OPTION command to enable or disable the AES-CBC cipher algorithm.
Cipher Block Chain (CBC)-based ciphers are no longer considered safe and some clients might have site-specific security policies to disable CBC-based ciphers for encryption over SSH connections. To ensure backward compatibility, the AES-CBC cipher is available as an option. This option is enabled by default; however it can be disabled to remove CBC ciphers from the negotiation phase of the SSH connection.
| Note: | Use the NW TCPIP STATUS SSH inquiry to ensure that SSH encryption is enabled and to view the list of supported algorithms. |
To enable AES-CBC, enter the following:
NW TCPIP OPT + AESCBC
To disable AES-CBC, enter the following:
NW TCPIP OPT – AESCBC
The default state of AES-CBC is enabled.
