Requirements for SSL communications

REST API Reference Guide for Virtual Storage Platform 5000, Virtual Storage Platform E Series, and Virtual Storage Platform G/F Series

Version
93-07-0x
90-09-0x
88-08-10
Audience
anonymous
Part Number
MK-98RD9014-17
This section describes how to set up SSL communication for the REST API.

With the REST API, you can use SSL communication between the REST API clients and the REST API server.

For SSL communications between REST API clients and the REST API server, the server certificate for HTTPS installed in the SVP or the GUM is used. By default, this server certificate is a self-signed certificate. For this reason, a communication error might occur depending on the client program. To resolve this issue, do one of the following:

  • Change the certificate of the storage system to a server certificate trusted by a certificate authority, such as VeriSign.

    For details on how to obtain a certificate signed by a certificate authority and how to update the certificate on the SVP or the GUM, see the System Administrator Guide.

  • Correct the client programs to avoid errors.

    The approach taken to correct client programs to avoid errors varies by programming language.

    For example, if the Requests library is used with Python, verification of the server certificate can be omitted if verify=False is specified when a request is issued.

You can use the following protocol versions and encryption methods (cipher suites) for communication between the REST API clients and the REST API server.

  • For VSP 5000 series storage systems:

    The TLS versions and encryption methods (cipher suites) that can be used vary depending on the SVP communication settings.

    For details on how to configure SVP communication settings, see the System Administrator Guide.

  • For VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage systems:

    The following table shows the TLS versions and encryption methods (cipher suites) that can be used.

    TLS

    encryption methods (cipher suites)

    TLS1.2

    • TLS_RSA_WITH_AES_128_CBC_SHA256(0x00,0x3C)
    • TLS_RSA_WITH_AES_256_CBC_SHA256(0x00,0x3D)
    • TLS_RSA_WITH_AES_128_GCM_SHA256(0x00,0x9C)
    • TLS_RSA_WITH_AES_256_GCM_SHA384(0x00,0x9D)
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC0,0x2F)
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC0,0x30)