Solved: What is the way to disable SSL 2.0 and 3.0 and use TLS 1.2?

novice · ‎2021-01-26

I got the following security violation notice on Netapp 8.2.2 (System Manager 3.1.3):

==============================================================

Description :
The remote service accepts connections encrypted using SSL 2.0 and/or
SSL 3.0. These versions of SSL are affected by several cryptographic
flaws, including:
- An insecure padding scheme with CBC ciphers.
- Insecure session renegotiation and resumption schemes.

...

Solution :
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.2 (with approved cipher suites) or higher instead.

==============================================================

What is the way to disable SSL 2.0 and 3.0 and use TLS 1.2?

Thank you.

darb0505 · ‎2021-01-26

Hi @novice ,

Here is a KB article that includes details to the security notice and how to disable SSL 2.0 and 3.0.

KB: How to disable SSLv2 and SSLv3 in Data ONTAP

Let us know if you have any questions regarding the steps to disable the SSL 2.0/3.0. The KB includes steps for ONTAP 7-mode and cluster mode.

Thanks

Team NetApp

View solution in original post

darb0505 · ‎2021-01-26