.. _Web_TLS_Protocol_Configuration:

Web TLS Protocol Configuration
------------------------------

.. index:: web;web ssl


.. _19.1|VOSSUC-20130:
.. _12.5(1)|VOSSUC-20130:

Commands are available to list Transport Layer Security (TLS) protocol versions
and also to enable or disable TLSv1.1.

.. note::
   
   * The command should be run on all nodes in a cluster.
   * When enabling or disabling a TLS protocol version, the web server needs to be restarted.
     Running the command will show a message and carry out this task.


The following protocols are available in VOSS-4-UC:

* TLSv1.1
* TLSv1.2

.. important::

   TLSv1.2 is always enabled and cannot be disabled.


* **web ssl list**

  Example:

  ::
  
     $ web ssl list
     TLSv1.1: Enabled
     TLSv1.2: Enabled

  * Enabling or disabling a protocol that is already in that state, will raise an error message.


* **web ssl disable TLSv1.1**

  * Enabling or disabling a protocol that is already in that state, will raise an error message.

  Example:

  ::
  
     $ web ssl disable TLSv1.1
     Disabling the TLSv1.1 protocol requires the web server to be restarted.
     Do you wish to continue? yes
     TLSv1.1: Disabled
     TLSv1.2: Enabled

     Restarting nginx for settings to take effect

     Application nginx processes stopped.


     Application services: firewall processes stopped.
     Application nginx processes started.

* **web ssl enable TLSv1.1**

  * Enabling or disabling a protocol that is already in that state, will raise an error message.

  Example:

  ::
  
     $ web ssl enable TLSv1.1
     Enabling the TLSv1.1 protocol requires the web server to be restarted.
     Do you wish to continue? yes
     TLSv1.1: Enabled
     TLSv1.2: Enabled


     Restarting nginx for settings to take effect

     Application nginx processes stopped.


     Application services: firewall processes stopped.
     Application nginx processes started.

.. |VOSS-4-UC| replace:: VOSS-4-UC
.. |Unified CM| replace:: Unified CM