Installing new Cipher Suite in ProxySG CLI Results in "Error: Cipher list: Cipher list not valid"

book

Article ID: 169304

calendar_today

Updated On:

Products

Asset Management Solution ProxySG Software - SGOS

Issue/Introduction

When updating the suite of ciphers for a secure access point, (SSH-console or HTTPS services) you may receive the error Cipher list: Cipher list not valid.

The following example uses the ssh-console:

Example:
ProxySG#(config ssh-console)ciphers set "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]"
Error: Cipher list: Cipher list not valid

Resolution

This error is typically caused by a syntax error. In the case of the example above, a comma was missing: it should be [email protected], aes128-cbc instead of [email protected]

ProxySG#(config ssh-console)ciphers set "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]"
Error: Cipher list: Cipher list not valid


ProxySG#(config ssh-console)ciphers set "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]"
  ok


The same error can be produced if you have extra characters, or if you have a spelling error in any of the entries.