topic Re: Disable older TLS on port 5394 in HPE Nimble Storage Solution Specialists

Disable older TLS on port 5394

aharvey — Fri, 06 Jan 2023 12:50:38 GMT

We have a Nimble CS300 and are working on disabling older TLS protocols to meet security requirements. We have successfully run the below command on our Nimble storage unit that disable the older protocols on open ports...except for port 5394 (Group leader failover communication). This port is still showing TLS 1.0 and 1.1.

group --edit --tlsv1_enabled {yes|no}

Is there a way to mitigate this specific port?

Query: Disable older TLS on port 5394

support_s — Fri, 16 Dec 2022 18:41:33 GMT

System recommended content:

1. HPE OneView 8.0 User Guide for VMs | Disabling TLS 1.0 or TLS 1.1 protocols

2. HPE OneView 7.0 User Guide for VMs | Disabling TLS 1.0 or TLS 1.1 protocols

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

Thank you for being a HPE valuable community member.

Re: Disable older TLS on port 5394

Vipin_S — Fri, 06 Jan 2023 09:12:20 GMT

Hello @aharvey ,

As of NImble OS Version 5.1, TCP port 5394 was added. TLS 1.0/1.1 is enabled on that TCP port, and does not disable with the --tlsv1_enabled switch.

There is a bug which seeks to disable TLS1.0/1.1 on TCP port 5394. So solution would be TCP port 5394, needs to be attached to this bug. For that you need to connect with HPE nimble support team and raise the request.

Telephone and Email Support is available 24x7. Contact details for your location can be found at the following web page: https://www.hpe.com/us/en/services/nimble-storage.html
Email: support@nimblestorage.com