Network and Storage Protocols

What is the way to disable SSL 2.0 and 3.0 and use TLS 1.2?

novice
11,373 Views

I got the following security violation notice on Netapp 8.2.2 (System Manager 3.1.3):

 

==============================================================

Description :
The remote service accepts connections encrypted using SSL 2.0 and/or
SSL 3.0. These versions of SSL are affected by several cryptographic
flaws, including:
- An insecure padding scheme with CBC ciphers.
- Insecure session renegotiation and resumption schemes.

...

Solution :
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.2 (with approved cipher suites) or higher instead.

==============================================================

 

What is the way to disable SSL 2.0 and 3.0 and use TLS 1.2?

Thank you.

1 ACCEPTED SOLUTION

darb0505
11,333 Views

Hi @novice ,

 

Here is a KB article that includes details to the security notice and how to disable SSL 2.0 and 3.0.

 

KB: How to disable SSLv2 and SSLv3 in Data ONTAP

 

Let us know if you have any questions regarding the steps to disable the SSL 2.0/3.0.  The KB includes steps for ONTAP 7-mode and cluster mode.

 

Thanks

Team NetApp

View solution in original post

1 REPLY 1

darb0505
11,334 Views

Hi @novice ,

 

Here is a KB article that includes details to the security notice and how to disable SSL 2.0 and 3.0.

 

KB: How to disable SSLv2 and SSLv3 in Data ONTAP

 

Let us know if you have any questions regarding the steps to disable the SSL 2.0/3.0.  The KB includes steps for ONTAP 7-mode and cluster mode.

 

Thanks

Team NetApp
Public