- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: Disable TLS v1.1 without going for CNSA crypto...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2021 02:52 AM - edited 02-08-2021 03:30 AM
02-08-2021 02:52 AM - edited 02-08-2021 03:30 AM
Hello,
Changing to CNSA cryptograpy has numerous consequences, which we might not be able to cope with.
On OneView 5.40, is there an alternate way to disable TLS v1.1 ?
I could not find any in the documentation I went through, but I have to ask.
Thanks for your support
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2021 07:57 AM
02-08-2021 07:57 AM
SolutionYes. This is currently controlled by REST API calls. We provide a PowerShell Cmdlet that can get the configuration (Get-OVApplianceSecurityProtocol ) and change it (Set-OVApplianceSecurityProtocol ).
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-10-2021 02:32 AM
02-10-2021 02:32 AM
Re: Disable TLS v1.1 without going for CNSA cryptography mode
Hello, by disabling TLSv1.1 without going to CNSA.
We would still have available all the cyphers/keyexchange available in FIPS ?
Is there anything else that is removed/disabled when disabling TLSv1.1 using Set-OVApplianceSecurityProtocol ?
Tks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-10-2021 07:03 AM
02-10-2021 07:03 AM
Re: Disable TLS v1.1 without going for CNSA cryptography mode
You can only change the TLS mode of the appliance with that Cmdlet. If you need to also change the crypto ciphers, you need to change the cryptography mode from Legacy to FIPS or CNSA.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2021 06:40 AM
11-08-2021 06:40 AM
Re: Disable TLS v1.1 without going for CNSA cryptography mode
Hello
Thanks for your help
Is there any risk in changing the cryptography to FIPS mode? Is there any effect on the oneview configuration? or the change is transparent?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2021 06:56 AM
11-08-2021 06:56 AM
Re: Disable TLS v1.1 without going for CNSA cryptography mode
Changing the appliance cryptography mode does have impact to the appliance and the devices and services it can connect to. I would suggest you review the User Guide ("Cryptography mode settings" chapter) on the various modes and potential impact.
I am an HPE employee