11-05-2017 10:21 PM
A5500: Howto force ssl to tls 1.x?
Have A5500 switches (formerly 3com 4800g), branded to HP with latest firmware 2222P07.
I can access the switch using http, but wanted to enable the https protocol
using the steps available via docs and google
#ip https enable
I only get the message from the browsers (FF and Chrome): unsupported protocol. In fact I have to force the switch to tls 1.x (ssl v3.1). How to do this? Self-signed certificate is not the problem, as I cancelled my tests with our AD-domain and the certificate server because of "untrusted ca", where there is also no solution in the world wide web or docs.
11-06-2017 12:32 AM
Re: A5500: Howto force ssl to tls 1.x?
Hello, do you mean how to disable SSL 3.0 Switch side in order to force it to use TLS 1.0?
I'm not an HPE Employee
11-06-2017 12:53 AM
Re: A5500: Howto force ssl to tls 1.x?
Hi
thx for fast answer.
I have no idea what's the right way to reach my goal.
If it runs through disabling sslv3, maybe...
Gotthard
11-06-2017 01:15 AM - edited 11-06-2017 01:30 AM
Re: A5500: Howto force ssl to tls 1.x?
I asked that because I noticed that since R2221P08 a new feature was introduced: "Disabling SSL 3.0", it allows to disable SSL 3.0 on the Switch to enhance security (clearly peer devices - Web Browsers in our case - should support TLS 1.0).
The explanation given on Release Notes was:
This feature allows you to disable SSL 3.0 on a device to enhance system security.
- An SSL server supports only TLS 1.0 after SSL 3.0 is disabled.
- An SSL client always uses SSL 3.0 if SSL 3.0 is specified for the client policy, whether you disable SSL 3.0 or not.
To ensure successful establishment of an SSL connection, do not disable SSL 3.0 on a device when the peer device only supports SSL 3.0. HP recommends upgrading the peer device to support TLS 1.0 to improve security.
The system-view command is ssl version ssl3.0 disable (undo to revert to SSL 3.0, which is enabled by default).
I'm not an HPE Employee
11-06-2017 01:55 AM
Re: A5500: Howto force ssl to tls 1.x?
Hi,
#ssl version ssl3.0 disable
don't forget to reload https server: :-)
#undo ip https ena
#ip https ena
New error message in browser (here chrome):
ERR_SSL_BAD_RECORD_MAC_ALERT
If I check the certificate in IE, the self-signed certificate is issued to "Comware-HTTPS...". No chance to change?
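Added example (not part of any post in this thread, and not HPE code): a small Python parser for the first record a server sends back, showing how the wire version bytes map to the names used above (3.0 is SSL 3.0, 3.1 is TLS 1.0) and how a fatal `bad_record_mac` alert, the one Chrome reports as ERR_SSL_BAD_RECORD_MAC_ALERT, looks on the wire. The sample byte strings are constructed for illustration, not captured from an A5500.

```python
import struct

# Record-layer and handshake constants from the SSL 3.0 / TLS 1.x specifications.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 70: "protocol_version"}
CT_ALERT, CT_HANDSHAKE, HS_SERVER_HELLO = 21, 22, 2

def version_name(major, minor):
    return VERSIONS.get((major, minor), f"unknown ({major}.{minor})")

def describe_record(data):
    """Classify the first plaintext record in `data` (bytes read from the server)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    info = {"record_version": version_name(major, minor)}
    if ctype == CT_ALERT and length == 2:
        level, desc = body
        info.update(kind="alert", level="fatal" if level == 2 else "warning",
                    description=ALERTS.get(desc, f"alert {desc}"))
    elif ctype == CT_HANDSHAKE and length >= 39 and body[0] == HS_SERVER_HELLO:
        # Layout: type(1) length(3) server_version(2) random(32) sid_len(1) sid suite(2)
        sid_len = body[38]
        suite = body[39 + sid_len:41 + sid_len]
        if len(suite) < 2:
            raise ValueError("truncated ServerHello")
        info.update(kind="server_hello", negotiated=version_name(body[4], body[5]),
                    cipher_suite="0x" + suite.hex().upper())
    else:
        info["kind"] = f"content type {ctype}"
    return info

def _server_hello(minor):
    """Build a constructed ServerHello (zero random, empty session id, suite 0x002F)."""
    hs = bytes([3, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    hs = bytes([HS_SERVER_HELLO]) + len(hs).to_bytes(3, "big") + hs
    return bytes([CT_HANDSHAKE, 3, minor]) + struct.pack("!H", len(hs)) + hs

# Constructed samples: server answering with SSL 3.0, with TLS 1.0, and a fatal alert.
SAMPLE_SSL30 = _server_hello(0)
SAMPLE_TLS10 = _server_hello(1)
SAMPLE_ALERT = bytes([CT_ALERT, 3, 1, 0, 2, 2, 20])
```

Feeding it the first bytes read from the switch after sending a ClientHello shows whether `ssl version ssl3.0 disable` took effect: the `negotiated` field should read TLS 1.0 rather than SSL 3.0.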
11-06-2017 02:32 AM
Re: A5500: Howto force ssl to tls 1.x?
Can you report if that error "ERR_SSL_BAD_RECORD_MAC_ALERT" shows up using, respectively, latest Mozilla Firefox, Google Chrome and Microsoft Internet Explorer? Maybe there is an issue (TLS 1.0 not supported on Web Browser side?) at Web Browser side...
I'm not an HPE Employee
11-06-2017 03:44 AM
Re: A5500: Howto force ssl to tls 1.x?
Hello,
Firefox 56: no connection with message similar as reported
Chrome 61: no connection with reported message
IE 11: connects with a lot of warnings: "the certificate was issued for another address of this website"
IMHO the FF and Chrome have disabled ssl v3 support, but should accept tls v1.0 connections.
Go
09-26-2019 09:07 AM
Re: A5500: Howto force ssl to tls 1.x?
Same problem here.....
Did you arrive at any solution?