Configuring the SSL/TLS version
You can restrict which versions of SSL/TLS may be used to comply with your security policies.
Use the following commands to configure the SSL/TLS version and restrict which versions of SSL/TLS may be used.
Procedure
List the enabled SSL/TLS versions:
$ tls-version-list SSLv2 : disabled SSLv3 : disabled TLSv1 : enabled TLSv1.1 : enabled TLSv1.2 : enabled
Set the enabled SSL/TLS versions. The NAS Manager supports TLSv1.2, so it is recommended that you use this verison.
$ tls-version-set --tls1.1 --tls1.2 --confirm
NoteYou should not enable SSLv2, because it is not secure.Set the enabled SSL/TLS versions to the default. The default versions are TLS1.0, TLS1.1 and TLS1.2 enabled, and SSL2 and SSL3 disabled.
NoteThese default values are currently safe, but this may change as vulnerabilities are found in different SSL/TLS versions.$ tls-version-set --default --confirm
Results
When the SSL configuration is changed, or a custom certificate is installed or removed, the HTTPS management server is automatically restarted to ensure that all current and future connections make use of the certificate, and the enabled versions and ciphers. An incorrect configuration can cause the the
NAS Manager to be unable to communicate with the HTTPS management server. Verify that the
NAS Manager can still communicate after the settings have been changed.