Community
HPE OneView
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable TLS 1.0

 
SOLVED
Go to solution
hyeberty
hyeberty
Visitor

‎05-21-2018 09:56 AM

‎05-21-2018 09:56 AM

Disable TLS 1.0

Our Security Team Scanned our OneView Applizance and is requesting that we disable TLS that is not TLS 1.2.

Is this support or is this capable of doing so? Has anyone done this? All of our hardware that is being managed by this oneview is running 2018.03 SPP. 

OneView is 4.0

  1. Firmware 
    4.00.07-0330056
0 Kudos
Reply
7 REPLIES
ChrisLynchHPE
ChrisLynchHPE
Neighborhood Moderator

‎05-21-2018 05:31 PM

‎05-21-2018 05:31 PM

Solution

Re: Disable TLS 1.0

Unfortunately, it is not possible to disable TLS 1.0 and/or 1.1 in OneView 4.00.  If your infrastructure is governed by the Payment Card Industry (PCI) DSS rules that require TLS 1.0 be disabled by June 1, 2018, please private message me so we can privately chat.  We will support this functionality with our next HPE OneView release.  And if you are going to ask when it will be released, I am unable to provide that information as we have yet to announce it.

Reply
roffd
roffd
Occasional Visitor

‎09-24-2018 10:29 AM

‎09-24-2018 10:29 AM

Re: Disable TLS 1.0

Chris,

How can I disbale TLS v1.0 and 1.1 in OneView v4.1?

0 Kudos
Reply
ChrisLynchHPE
ChrisLynchHPE
Neighborhood Moderator

‎09-24-2018 10:34 AM

‎09-24-2018 10:34 AM

Re: Disable TLS 1.0

Yes, using either the API, or PowerShell (Get-HPOVApplianceSecurityProtocol and Set-HPOVApplianceSecurityProtocol).  These are only supported in the HPE OneView 4.10 PowerShell library and appliance.  These cannot work with older OneView appliance versions as the API does not exist to manage.

0 Kudos
Reply
ASealPerspecta
ASealPerspecta
Occasional Visitor

Wednesday - last edited Wednesday

Wednesday - last edited Wednesday

Re: Disable TLS 1.0

Is it possible to disable only TLS Version 1.0 or does it disable version 1.0 and 1.1?

Also, what are the ramifications? Can it still manage Gen 7 Blades etc. or does it lose the ability to do that with TLS 1.0 disabled?

Thanks

0 Kudos
Reply
ChrisLynchHPE
ChrisLynchHPE
Neighborhood Moderator

Wednesday

Wednesday

Re: Disable TLS 1.0

The Cmdlet will allow you to disable TLS 1.0.  If you attempt to disable 1.1 only, that will fail, as 1.0 is significantly less secure than 1.1.  This ONLY impacts the HPE OneView UI, not taking to endpoints like iLO.  We already enforce the highest TLS version the iLO supports.  You can put the appliance into either FIPS or CNSA security mode, which will disable weak security protocols and methods, and then could prevent iLO3 communiation, which does not support TLS 1.2.

0 Kudos
Reply
ASealPerspecta
ASealPerspecta
Occasional Visitor

Thursday

Thursday

Re: Disable TLS 1.0

Thanks for the quick reply.

So to disable only TLS version 1 the ommand would look like this correct?

"Set-HPOVApplianceSecurityProtocol -EnableTlsVersion TLSv1.1,TLSv1.2"

A comma seperated value so it allows 1.1 and 1.2.

Or would it require 2 commands for each version?

Thanks again for the help.

0 Kudos
Reply
ChrisLynchHPE
ChrisLynchHPE
Neighborhood Moderator

Thursday

Thursday

Re: Disable TLS 1.0

Cmdlet usage is documented in the Cmdlet help. Yes, it would be:

TlsV1.1, Tlsv1.2

You can tab complete the allowed values when you provide the parameter name when interacting with the Cmdlet.

Sent from Outlook
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.