Use undo ssl version disable to enable SSL protocol versions on the device.
Syntax
In non-FIPS mode:
ssl version { ssl3.0 | tls1.0 | tls1.1 } * disable
undo ssl version { ssl3.0 | tls1.0 | tls1.1 } * disable
In FIPS mode:
ssl version { tls1.0 | tls1.1 } * disable
undo ssl version { tls1.0 | tls1.1 } * disable
Default
In non-FIPS mode, the device supports SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.
In FIPS mode, the device supports TLS 1.0, TLS 1.1, and TLS 1.2.
Views
System view
Predefined user roles
network-admin
Parameters
ssl3.0: Specifies SSL 3.0.
tls1.0: Specifies TLS 1.0.
tls1.1: Specifies TLS 1.1.
Usage guidelines
Use this command to disable SSL 3.0, TLS 1.0, and TLS 1.1 on the device to enhance system
security.
An SSL client always uses the SSL protocol version specified for it (by using the version
command), whether you disable the SSL protocol version or not.
An SSL server supports only TLS 1.2 after SSL 3.0, TLS 1.0, and TLS 1.1 are disabled.
Disabling an SSL protocol version on the device does not affect the availability of earlier SSL protocol
versions. For example, if you execute the ssl version tls1.1 disable command, TLS 1.1 is disabled
but TLS 1.0 is still available.
In FIPS mode, the device does not support SSL 3.0.
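The following Python audit helper is an added example, not part of the vendor documentation. It applies a sequence of ssl version ... disable and undo commands, written in the syntax above, to the defaults listed on this page and reports which protocol versions the SSL server still supports, so that a gap such as TLS 1.1 disabled while TLS 1.0 remains available is caught. The function names and the sample session are constructed for illustration.

```python
import re

ALL_VERSIONS = ["ssl3.0", "tls1.0", "tls1.1", "tls1.2"]  # defaults listed on this page
DISABLEABLE = {"ssl3.0", "tls1.0", "tls1.1"}             # keywords the command accepts
CMD = re.compile(r"^(undo\s+)?ssl\s+version\s+(.+?)\s+disable$")

# Constructed sample session (not captured from a real device).
SAMPLE = [
    "<Sysname> system-view",
    "[Sysname] ssl version ssl3.0 disable",
    "[Sysname] ssl version tls1.1 disable",
]

def enabled_versions(commands, fips=False):
    """Apply commands in order; return versions the SSL server still supports."""
    allowed = DISABLEABLE - ({"ssl3.0"} if fips else set())  # no SSL 3.0 in FIPS mode
    disabled = set()
    for raw in commands:
        # Drop a "[Sysname]"-style prompt if the line was pasted from a session.
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())
        m = CMD.match(line)
        if not m:
            continue  # comments, system-view, unrelated commands
        keywords = m.group(2).split()  # "{ ... } *" allows one or more keywords
        bad = [k for k in keywords if k not in allowed]
        if bad:
            raise ValueError(f"unsupported keyword(s) {bad} in: {line!r}")
        if m.group(1):
            disabled -= set(keywords)  # undo form re-enables the versions
        else:
            disabled |= set(keywords)
    base = [v for v in ALL_VERSIONS if not (fips and v == "ssl3.0")]
    return [v for v in base if v not in disabled]

def legacy_still_enabled(commands, fips=False):
    """Versions older than TLS 1.2 that remain available after the commands."""
    return [v for v in enabled_versions(commands, fips) if v != "tls1.2"]

if __name__ == "__main__":
    print("enabled:", enabled_versions(SAMPLE))
    print("legacy still enabled:", legacy_still_enabled(SAMPLE))
```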
Examples
# Disable SSL 3.0 on the device.
<Sysname> system-view
[Sysname] ssl version ssl3.0 disable
# Disable TLS 1.0 on the device.
<Sysname> system-view