PUT /cryptoSettings

Use this method to modify the current cryptographic settings on Lenovo XClarity Administrator.

To modify the current cryptographic setting for managed devices, use PUT /nodes/cryptoSettings.

Authentication

Authentication with user name and password is required.

Request URL

PUT https://{management_server_IP}/cryptoSettings

Query parameters

None

Request body

Attributes Required / Optional Type Description
applyToMgmtServer Optional Boolean Indicates whether to apply the specified settings to the XClarity Administrator management server. This can be one of the following values.
  • true. (default) Applies specified settings to the management server.

  • false. Does not apply settings to the management server.

cipherSuite Optional String
Attention: This attribute will be deprecated in a future release.

Minimum cipher suite version to use for server connections. This can be one of the following values.

  • tls1.2. TLS v1.2 or v1.3 cipher suite is required for both servers and clients.

    Specify tls1.2 for the minTlsVersionClient and minTlsVersionServer attributes instead.

  • tls1.2-flexcat. TLS v1.2 compliance with exceptions for deploying operating systems from the XClarity Administrator. Specify tls1.2 for the minTlsVersionClient, minTlsVersionServer, minTlsVersionOsDeploy attributes instead.
minTlsVersionClient Optional String Minimum TLS protocol version to use for client connections to other servers (such as the LDAP client). This can be one of the following values.
  • TLS1.2. Enforces TLS v1.2 cryptography protocols.
  • TLS1.3. Enforces TLS v1.3 cryptography protocols.
minTlsVersionOsDeploy Optional String Minimum TLS protocol version to for the XClarity Administrator operating-system deployment server. This can be one of the following values.
  • TLS1.2. Enforces TLS v1.2 cryptography protocols.
  • TLS1.3. Enforces TLS v1.3 cryptography protocols.
minTlsVersionServer Optional String Minimum TLS protocol version to use for server connections (such as the web server). This can be one of the following values.
  • TLS1.2. Enforces TLS v1.2 cryptography protocols.
  • TLS1.3. Enforces TLS v1.3 cryptography protocols.
nistMode Optional String Cryptographic mode of the Lenovo XClarity Administrator and all managed chassis. This can be one of the following values.
  • nistcomp. NIST compatibility mode.
  • nist800-131a. NIST800-131A strict compatibility mode. When this option is selected, you must also select tls1.2 for the minTlsVersionClient and minTlsVersionServer attributes.
returnJobInfo Optional Boolean Indicates whether job information is to be returned as a result of changing the cryptographic settings. This can be one of the following values.
  • true. Returns job information in the response body and header if a job is created.
  • false. Does not return job information. This is the default setting.

The following example applies the specified TLS and NIST settings to the management server and all managed devices.

{
   "applyToManagedDevices": true,
   "applyToMgmtServer": true,
   "minTlsVersionClient": "tls1.2",
   "minTlsVersionOsDeploy": "tls1.2",
   "minTlsVersionServer": "tls1.2",
   "nistMode": "nist800-131a",
   "returnJobInfo": true
}

Response codes

Code Description Comments
200 OK The request completed successfully.
201 Created One or more new resources were successfully created.
400 Bad Request A query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.
500 Internal Server Error An internal error occurred. A descriptive error message is returned in the response body.

Response body

Attributes Type Description
result String Results of the request. This can be one of the following values.
  • success. The request completed successfully.
  • failure. The request failed. A descriptive error message was returned.
messages Array of objects Information about one or more messages
  explanation String Additional information to clarify the reason for the message
  id String Message identifier of a returned message
  recovery Array of objects Recovery information
    text String User actions that can be taken to recover from the event
    URL String Link to the help system for more information, if available
  text String Message text associated with the message identifier
The following example is returned when "returnJobInfo": true was specified and a job was created and successful.
{
    "result": "success",
    "messages": [{
        "explanation": "",
        "id": "FQXHMSE0001I",
        "recovery": {
            "text": "Information only; no action is required.",
            "URL": ""
        },
        "text": "The request completed successfully."
    }]
}
The following example is returned when returnJobInfo="false" was specified and a job was created but failed.
{
    "result": "failure",
    "messages": [{
        "explanation": "The provided minimum SSL/TLS protocol level does not match one 
                        of the expected string values. The requested operation was not 
                        performed.",
        "id": "FQXHMSE0501J",
        "recovery": {
            "text": "Correct the value and try the operation again.",
            "URL": ""
        },
        "text": "The provided minimum SSL/TLS protocol level is not valid."
    }]
}