Re: Disable TSL vs 1.0

BradV · ‎08-18-2021

Just another method to disable TLS vs 1.0 in case it helps anyone?

# Extract the current TLS settings
TLSEnabled=$(curl --insecure \
   --header "X-API-Version: ${currentVersion}" \
   --header "auth: ${sessionID}" \
   --request GET ${OneView}/rest/security-standards/protocols | jq -r ".[] | .protocolName,.enabled")
declare -A TLS
i=0
for f in $(echo ${TLSEnabled}); do
   echo ${f}
   TLS[${i}]=${f}
   ((i++))
done
((i--))
# Create a function to disable TLS vs 1 and enable TLS vs 1.1 & 1.2
enableTLS () {
   TLSSet=$(curl --insecure \
      --header "content-type: application/json" \
      --header "X-API-Version: ${currentVersion}" \
      --header "auth: ${sessionID}" \
      --data '[ { "protocolName":"TLSv1", "enabled":false }, "protocolName":"TLSv1.1", "enabled":true, "protocolName":"TLSv1.2", "enabled":true }]' \
      --request PUT ${OneView}/rest/security-standards/protocols | jq -r '.'
}
#
for k in $(seq 0 2 ${i}); do
   l=$((${k} + 1))
   if [[ ${TLS[${k}]} == "TLSv1" && ${TLS[${l}]} == 'true" ]]; then
      echo "Have identified TLS v1 as being enabled."
      enableTLS
   elif [[ ${TLS[${k}]} == "TLSv1.1" ]]; then
      if [[ ${TLS[${l}]} == "false" ]]; then
         echo "Need to enable ${TLS[${k}]}"
         enableTLS
      else
         echo "${TLS[${k}]} is already enabled"
      fi
   elif [[ ${TLS[${k}]} == "TLSv1.2" ]]; then
      if [[ ${TLS[${l}]} == "false" ]]; then
         echo "Need to enable ${TLS[${k}]}"
         enableTLS
      else
         echo "${TLS[${k}]} is already enabled"
      fi
   else
      echo "TLS v1 is already disabled"
   fi
done

ChrisLynch · ‎08-19-2021

Thanks for sharing, @BradV.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Disable TSL vs 1.0

Disable TSL vs 1.0

Re: Disable TSL vs 1.0