跳转到主内容

COLTP-352928:尽管已启用TLSv1、但仍允许使用它

Views:
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

问题描述

  • After disabling TLSv1 on the cluster, some SVM managment LIFs are still accepting the connection:

Cluster::*> security config show -fields supported-protocols interface supported-protocols --------- ------------------- SSL TLSv1.2, TLSv1.3

  • TLSv1 is still accepted:

> .\openssl.exe s_client -connect svm-management-lif:443 -tls1 -CAfile "C:\Install\ca.pem" .. SSL-Session: Protocol : TLSv1 Cipher : ECDHE-RSA-AES256-SHA Session-ID: 7C5B1A3F5C9C6D6C7F0A0C1A9D8E7D5B1B3C0A9C1F6C5C4E3B9F5C0A7C6B8D1C6A5C Session-ID-ctx: Master-Key: C1E4A9F3B5C7E6A1D1C7C0E9D2E4A8B5F6A1C3B7E1F0A8D7C1E6B9A2C4E0D8F3B5A6C

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.