Requirements for SSL communications

Storage Advisor Embedded User Guide

Version
93-07-2x
88-08-12
Audience
anonymous
Part Number
MK-97HM85022-25

You can use SSL communication between the REST API clients and the REST API server.

For SSL communications between REST API clients and the REST API server, the server certificate for HTTPS installed in the GUM is used. By default, this is a self-signed certificate. If the API client only allows communication with the REST API server installed with a signed certificate, then do one of the following:

  • Change the certificate of the storage system to a server certificate trusted by a certificate authority, such as VeriSign.

    For details on how to obtain a certificate signed by a certificate authority and how to update the certificate on the GUM, see the System Administrator Guide for your storage system.

  • Correct the client programs to avoid errors.

    The approach taken to correct client programs to avoid errors varies by programming language.

    For example, if the Requests library is used with Python, verification of the server certificate can be omitted if verify=False is specified when a request is issued.

Note:

TLS version 1.2 can be used for SSL communication between REST API clients and the REST API server.

The following encryption methods (cipher suites) can be used:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256