Web TLS Protocol Configuration

Commands are available to list Transport Layer Security (TLS) protocol versions and also to enable or disable TLSv1.1.

Note

  • The command should be run on all nodes in a cluster.
  • Enabling or disabling a TLS protocol version requires a web server restart. The command displays a message, asks for confirmation, and then restarts the web server itself.

The following protocols are available in VOSS-4-UC:

  • TLSv1.1
  • TLSv1.2

Important

TLSv1.2 is always enabled and cannot be disabled.

  • web ssl list

    Example:

    $ web ssl list
    TLSv1.1: Enabled
    TLSv1.2: Enabled
    
  • web ssl disable TLSv1.1

    • Enabling or disabling a protocol that is already in that state raises an error message.

    Example:

    $ web ssl disable TLSv1.1
    Disabling the TLSv1.1 protocol requires the web server to be restarted.
    Do you wish to continue? yes
    TLSv1.1: Disabled
    TLSv1.2: Enabled
    
    Restarting nginx for settings to take effect
    
    Application nginx processes stopped.
    
    
    Application services: firewall processes stopped.
    Application nginx processes started.
    
  • web ssl enable TLSv1.1

    • Enabling or disabling a protocol that is already in that state raises an error message.

    Example:

    $ web ssl enable TLSv1.1
    Enabling the TLSv1.1 protocol requires the web server to be restarted.
    Do you wish to continue? yes
    TLSv1.1: Enabled
    TLSv1.2: Enabled
    
    
    Restarting nginx for settings to take effect
    
    Application nginx processes stopped.
    
    
    Application services: firewall processes stopped.
    Application nginx processes started.
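
Because the command has to be run on every node in a cluster, it is easy to leave one node with TLSv1.1 still enabled. The following is an added example, not part of the VOSS-4-UC product or its documentation: it parses the status lines shown above from output captured on each node and reports nodes that differ from the intended state. The node names, the captured text and the way the output is collected are constructed assumptions.

```python
import re

# Matches status lines such as "TLSv1.1: Enabled" in captured CLI output.
# Prompt lines and restart messages do not match and are ignored.
STATUS_RE = re.compile(
    r"^[ \t]*(TLSv\d\.\d):[ \t]*(Enabled|Disabled)[ \t]*\r?$", re.M)

# Constructed sample: output saved from three hypothetical nodes.
SAMPLE = {
    "node1": "$ web ssl disable TLSv1.1\n"
             "Disabling the TLSv1.1 protocol requires the web server to be restarted.\n"
             "Do you wish to continue? yes\n"
             "TLSv1.1: Disabled\nTLSv1.2: Enabled\n",
    "node2": "$ web ssl list\nTLSv1.1: Enabled\nTLSv1.2: Enabled\n",
    "node3": "$ web ssl list\n",  # truncated capture, no status lines
}

def parse_web_ssl_list(text):
    """Return {protocol: bool} for one node; the last status line wins."""
    return {proto: state == "Enabled" for proto, state in STATUS_RE.findall(text)}

def audit_cluster(outputs, want_tls11=False):
    """outputs maps node name to captured text. Returns (node, finding) tuples."""
    word = {True: "Enabled", False: "Disabled"}
    findings = []
    for node, text in sorted(outputs.items()):
        state = parse_web_ssl_list(text)
        if "TLSv1.1" not in state or "TLSv1.2" not in state:
            findings.append((node, "status lines missing, re-run web ssl list"))
            continue
        if state["TLSv1.1"] != want_tls11:
            findings.append((node, "TLSv1.1 is %s, expected %s"
                             % (word[state["TLSv1.1"]], word[want_tls11])))
        if not state["TLSv1.2"]:
            # The page states TLSv1.2 cannot be disabled, so this is unexpected.
            findings.append((node, "TLSv1.2 reported Disabled"))
    return findings

if __name__ == "__main__":
    for node, finding in audit_cluster(SAMPLE):
        print(node + ": " + finding)
```

An empty result means every node reported both protocols and TLSv1.1 matches the intended state on all of them.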