LAN Routing

Disable SSL 3.0 HPE FF 5700 Switches

 
SOLVED
Go to solution
Kevin_cambs_uk
Visitor

Disable SSL 3.0 HPE FF 5700 Switches

Hi all

We have some new HPE Flex Fabric 5700 switches, HPE FF 5700-40XG-2QSFP+ Switch

Very nice they are too, however they ship with SSL 3.0 enabled.

I have sent a day trying to figure out how to disbale SSL3.0 and force the web interface onto SSL 1.0 at the very least, but I am still struggling. I cannot see any option in the web gui, or via the telnet login.

If anyone from HPE could point me in the right direction that would be most welcome.

Kev

 

4 REPLIES 4
parnassus
Honored Contributor

Re: Disable SSL 3.0 HPE FF 5700 Switches

Forcing SSL 1.0? are you really sure about what you wrote?

IMHO you probably want to disable SSL 3.0 in favour of TLS 1.0, 1.1 or 1.2.

IIRC isn't there a CLI command (available in system view mode) like the ssl version { ssl3.0 | tls1.0 | tls1.1 } disable ...clearly it depends on how recent is the running software (and, if available, it requires you disable/enable the https service with undo ip https enable followed by a ip https enable).

Any feedback on HPE FlexFabric 5700 guides?

Does HPE FlexFabric 5700 (JG896A) Release Notes document report something interesting about SSL 3.0 (it does, check!)?


I'm not an HPE Employee
Kudos and Accepted Solution banner
Kevin_cambs_uk
Visitor

Re: Disable SSL 3.0 HPE FF 5700 Switches

Thanks for the reply,

All sorted...

I have worked out how to disble ssl3.0 so the default will be 1.0 at the very least

The commands were via telnet and if anyone here wants to know it was a simple case of

system-view

ssl version ssl3.0 disable

So now onto trying to work out how to disbale iP forwarding!

Thanks

Kev

 

 

 

parnassus
Honored Contributor

Re: Disable SSL 3.0 HPE FF 5700 Switches

Hi, exactly as I wrote you above...


I'm not an HPE Employee
Kudos and Accepted Solution banner
Kevin_cambs_uk
Visitor
Solution

Re: Disable SSL 3.0 HPE FF 5700 Switches

Yes, sorry, I didnt read youre  reply correctly!

but thanks again for replying, its appreciated!

 

Kev