[x]

SSL commands > ssl version disable

 

 Next

ssl version disable

Use ssl version disable to disable the SSL server from using specific SSL protocol versions for session negotiation.

Use undo ssl version disable restore the default.

Syntax

In non-FIPS mode:

ssl version { ssl3.0 | tls1.0 | tls1.1 } * disable

undo ssl version { ssl3.0 | tls1.0 | tls1.1 } * disable

In FIPS mode:

ssl version { tls1.0 | tls1.1 } * disable

undo ssl version { tls1.0 | tls1.1 } * disable

Default

In non-FIPS mode, the SSL server supports SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.

In FIPS mode, the SSL server supports TLS 1.0, TLS 1.1, and TLS 1.2.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ssl3.0: Specifies SSL 3.0.

tls1.0: Specifies TLS 1.0.

tls1.1: Specifies TLS 1.1.

Usage guidelines

To enhance system security, you can disable the SSL server from using specific SSL protocol versions (SSL 3.0, TLS 1.0, and TLS 1.1) for session negotiation.

Disabling an SSL protocol version does not affect the availability of earlier SSL protocol versions. For example, if you execute the ssl version tls1.1 disable command, TLS 1.1 is disabled but TLS 1.0 is still available for the SSL server.

Examples

# Disable SSL 3.0 for the SSL server.

<Sysname> system-view
[Sysname] ssl version ssl3.0 disable

prev

 

up

 next

ssl server-policy 

home

 version

© Copyright 2018 Hewlett Packard Enterprise Development LP