Installing new Cipher Suite in ProxySG CLI Results in "Error: Cipher list: Cipher list not valid"

Article Id: 169304

Status: Published

Updated On: 13-05-2017 12:32

Legacy Id: TECH246179

Products:

Asset Management Solution ProxySG Software - SGOS

Issue/Introduction:

When updating the suite of ciphers for a secure access point, (SSH-console or HTTPS services) you may receive the error Cipher list: Cipher list not valid.

The following example uses the ssh-console:

Example:
ProxySG#(config ssh-console)ciphers set "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]"
Error: Cipher list: Cipher list not valid

Resolution:

This error is typically caused by a syntax error. In the case of the example above, a comma was missing: it should be [email protected], aes128-cbc instead of [email protected]

ProxySG#(config ssh-console)ciphers set "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]"
Error: Cipher list: Cipher list not valid

ProxySG#(config ssh-console)ciphers set "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]"
ok

The same error can be produced if you have extra characters, or if you have a spelling error in any of the entries.