Configuring the SSL/TLS version

Server and Cluster Administration Guide for Hitachi NAS Platform

You can restrict which versions of SSL/TLS may be used to comply with your security policies.

Use the following commands to view and set the enabled SSL/TLS versions.

  1. List the enabled SSL/TLS versions:
    $ tls-version-list
    SSLv2     :  disabled
    SSLv3     :  disabled
    TLSv1     :  enabled 
    TLSv1.1   :  enabled
    TLSv1.2   :  enabled
  2. Set the enabled SSL/TLS versions. The NAS Manager supports TLSv1.2, so it is recommended that you use this version.
    $ tls-version-set --tls1.1 --tls1.2  --confirm
    Note: You should not enable SSLv2, because it is not secure.
  3. Set the enabled SSL/TLS versions to the default. By default, TLS1.0, TLS1.1 and TLS1.2 are enabled, and SSL2 and SSL3 are disabled.
    Note: These default values are currently safe, but this may change as vulnerabilities are found in different SSL/TLS versions.
    $ tls-version-set  --default  --confirm

When the SSL configuration is changed, or a custom certificate is installed or removed, the HTTPS management server is automatically restarted to ensure that all current and future connections use the certificate and the enabled versions and ciphers. An incorrect configuration can cause the NAS Manager to be unable to communicate with the HTTPS management server. Verify that the NAS Manager can still communicate after the settings have been changed.
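
An offline check of captured `tls-version-list` output against a minimum-version policy, added here as an example and not part of the Hitachi guide. The function names, the `minimum` parameter and the second sample are assumptions made for illustration; the first sample is the output shown in step 1.

```python
import re

# Protocol names in ascending order, as printed by tls-version-list.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
LINE = re.compile(r"^\s*((?:SSL|TLS)v\d(?:\.\d)?)\s*:\s*(enabled|disabled)\s*$")

def parse_tls_version_list(text):
    """Map each protocol name in captured tls-version-list output to True/False."""
    state = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skips the "$ tls-version-list" prompt line and blank lines
            state[m.group(1)] = m.group(2) == "enabled"
    return state

def audit(text, minimum="TLSv1.2"):
    """Return findings for one node; an empty list means the policy is met."""
    state = parse_tls_version_list(text)
    floor = ORDER.index(minimum)
    findings = []
    for i, version in enumerate(ORDER):
        if version not in state:
            findings.append(f"{version}: not reported, state unknown")
        elif i < floor and state[version]:
            findings.append(f"{version}: enabled, below policy minimum {minimum}")
    if not any(state.get(v) for v in ORDER[floor:]):
        # Lockout case: nothing a policy-compliant client can negotiate.
        findings.append(f"no version at or above {minimum} is enabled")
    return findings

# Output shown in step 1 of this page.
PAGE_OUTPUT = """\
$ tls-version-list
SSLv2     :  disabled
SSLv3     :  disabled
TLSv1     :  enabled
TLSv1.1   :  enabled
TLSv1.2   :  enabled
"""
# Constructed sample (assumption): a node where only TLSv1.1 was left enabled.
CONSTRUCTED_OUTPUT = (PAGE_OUTPUT
                      .replace("TLSv1     :  enabled", "TLSv1     :  disabled")
                      .replace("TLSv1.2   :  enabled", "TLSv1.2   :  disabled"))

if __name__ == "__main__":
    for name, text in [("page", PAGE_OUTPUT), ("constructed", CONSTRUCTED_OUTPUT)]:
        print(name, audit(text) or "OK")
```

Run it against output captured before and after `tls-version-set` to confirm the change took effect and that a version the NAS Manager supports is still enabled.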