Microsoft Virtualization Discussions

Set-NcSecurityConfig for restricting protocol versions

badrian

Team,

 

A customer want's to automate the internal security hardening process. He works with the PowerShell Cmdlet "Set-NcSecurityConfig", but it allways throws an error, when limitting the allowed protocols. I have veryfied it internally with different versions of PowerShell and ONTAP:

 

Z:\> Set-NcSecurityConfig -Interface ssl -SupportedProtocols tlsv1_2
Set-NcSecurityConfig : Unexpected array element: security-supported-protocols
At line:1 char:1
+ Set-NcSecurityConfig -Interface ssl -SupportedProtocols tlsv1_2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (xxx.xxx.xxx.xxx.com:NcController) [Set-NcSecurityConfig], EINVALIDINPUTERROR
    + FullyQualifiedErrorId : ApiException,DataONTAP.C.PowerShell.SDK.Cmdlets.Security.SetNcSecurityConfig

 

I assume, a wrong attribute name is sent here ("security-supported-protocls" instead of "supported-protocols"). The ZAPI call works:

  <security-config-modify>
    <interface>ssl</interface>
    <supported-protocols>
        <string>TLSv1.2</string>
    </supported-protocols>
  </security-config-modify>

Also, submitting it via "Invoke-NcSystemApi" works without any problem:

PS Z:> $xml = Invoke-NcSystemApi "<security-config-modify><interface>ssl</interface><supported-protocols><string>TLSv1.2</string></supported-protocols></security-config-modify>"
PS Z:> $xml.results

status
------
passed

 

Maybe anybody can provide a simple fix 🙂

 

Thanks,

Adrian

0 REPLIES 0
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public