HPE Community
HPE OneView
1819697 Members
4623 Online
109605 Solutions
New Discussion

Disable TLS 1.0

 
SOLVED
Go to solution
hyeberty
Frequent Visitor

‎05-21-2018 09:56 AM

‎05-21-2018 09:56 AM

Disable TLS 1.0

Our Security Team Scanned our OneView Applizance and is requesting that we disable TLS that is not TLS 1.2.

Is this support or is this capable of doing so? Has anyone done this? All of our hardware that is being managed by this oneview is running 2018.03 SPP. 

OneView is 4.0

  1. Firmware 
    4.00.07-0330056
0 Kudos
Reply
8 REPLIES 8
ChrisLynch
HPE Pro

‎05-21-2018 05:31 PM

‎05-21-2018 05:31 PM

Solution

Re: Disable TLS 1.0

Unfortunately, it is not possible to disable TLS 1.0 and/or 1.1 in OneView 4.00.  If your infrastructure is governed by the Payment Card Industry (PCI) DSS rules that require TLS 1.0 be disabled by June 1, 2018, please private message me so we can privately chat.  We will support this functionality with our next HPE OneView release.  And if you are going to ask when it will be released, I am unable to provide that information as we have yet to announce it.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
roffd
New Member

‎09-24-2018 10:29 AM

‎09-24-2018 10:29 AM

Re: Disable TLS 1.0

Chris,

How can I disbale TLS v1.0 and 1.1 in OneView v4.1?

0 Kudos
Reply
ChrisLynch
HPE Pro

‎09-24-2018 10:34 AM

‎09-24-2018 10:34 AM

Re: Disable TLS 1.0

Yes, using either the API, or PowerShell (Get-HPOVApplianceSecurityProtocol and Set-HPOVApplianceSecurityProtocol).  These are only supported in the HPE OneView 4.10 PowerShell library and appliance.  These cannot work with older OneView appliance versions as the API does not exist to manage.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
ASealPerspecta
Occasional Visitor

‎12-05-2018 01:17 PM - edited ‎12-05-2018 01:18 PM

‎12-05-2018 01:17 PM - edited ‎12-05-2018 01:18 PM

Re: Disable TLS 1.0

Is it possible to disable only TLS Version 1.0 or does it disable version 1.0 and 1.1?

Also, what are the ramifications? Can it still manage Gen 7 Blades etc. or does it lose the ability to do that with TLS 1.0 disabled?

Thanks

0 Kudos
Reply
ChrisLynch
HPE Pro

‎12-05-2018 01:50 PM

‎12-05-2018 01:50 PM

Re: Disable TLS 1.0

The Cmdlet will allow you to disable TLS 1.0.  If you attempt to disable 1.1 only, that will fail, as 1.0 is significantly less secure than 1.1.  This ONLY impacts the HPE OneView UI, not taking to endpoints like iLO.  We already enforce the highest TLS version the iLO supports.  You can put the appliance into either FIPS or CNSA security mode, which will disable weak security protocols and methods, and then could prevent iLO3 communiation, which does not support TLS 1.2.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
ASealPerspecta
Occasional Visitor

‎12-06-2018 07:51 AM

‎12-06-2018 07:51 AM

Re: Disable TLS 1.0

Thanks for the quick reply.

So to disable only TLS version 1 the ommand would look like this correct?

"Set-HPOVApplianceSecurityProtocol -EnableTlsVersion TLSv1.1,TLSv1.2"

A comma seperated value so it allows 1.1 and 1.2.

Or would it require 2 commands for each version?

Thanks again for the help.

0 Kudos
Reply
ChrisLynch
HPE Pro

‎12-06-2018 11:52 AM

‎12-06-2018 11:52 AM

Re: Disable TLS 1.0

Cmdlet usage is documented in the Cmdlet help. Yes, it would be:

TlsV1.1, Tlsv1.2

You can tab complete the allowed values when you provide the parameter name when interacting with the Cmdlet.

Sent from Outlook
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
AshJo
Occasional Visitor

‎02-07-2020 01:48 PM

‎02-07-2020 01:48 PM

Re: Disable TLS 1.0

Hi, 

 

I am looking to disable TLS1.0 on HP P2000 G3 FC array. I read other posts which says not possible. But our security scans are detecting TLS1.0. Please suggest how to proceed

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.