HPE Community
HPE Nimble Storage Solution Specialists
1752442 Members
5931 Online
108788 Solutions
New Discussion юеВ

Nimble CS3000 and CS5000 disable TLS v1.0 and v1.1

 
Katie2
Occasional Collector

тАО12-17-2020 02:12 AM

тАО12-17-2020 02:12 AM

Nimble CS3000 and CS5000 disable TLS v1.0 and v1.1

Good morning.

We need to disable TLS v1.0 and v1.1 on our Nimble devices. Please could some guidance be provided on how to do this and how to confirm the new settings are in place? Also, will the settings continue to be disabled if the devices are rebooted? Will amending the current settings require any downtime? Thank you.

 

0 Kudos
Reply
3 REPLIES 3
Nick_Dyer
Honored Contributor

тАО12-18-2020 11:27 AM

тАО12-18-2020 11:27 AM

Re: Nimble CS3000 and CS5000 disable TLS v1.0 and v1.1

As part of Nimble's Common Criteria certification, it absolutely is possible to disable TLS v1. This is done via the CLI:

group --info | grep -i tlsv

This will show if it's enabled/disabled

group --edit --tlsv1_enabled {yes|no}

 This will edit the array group for tls v1.

If you need assistance at any point please contact Nimble Support.

Nick Dyer
twitter: @nick_dyer_
0 Kudos
Reply
aharvey
Frequent Visitor

тАО12-14-2022 08:58 AM

тАО12-14-2022 08:58 AM

Re: Nimble CS3000 and CS5000 disable TLS v1.0 and v1.1

This worked great, on all ports except 5394 (Group leader failover communication). Our scans show this port still enabled for the older TLS versions. Is there a way to mitigate this specific port?

0 Kudos
Reply
Sunitha_Mod
Moderator

тАО12-16-2022 01:12 AM

тАО12-16-2022 01:12 AM

Re: Nimble CS3000 and CS5000 disable TLS v1.0 and v1.1

Hello @aharvey

Thank you for writing to us! Since you have posted in an old topic and there is no response yet, I would recommend you to create a new topic using the create "New Discussion" button, so the experts can check and guide you further. 

Thanks,
Sunitha G
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.