Web TLS Protocol Configuration

Commands are available to list Transport Layer Security (TLS) protocol versions and also to enable or disable TLS versions.

Note

  • The command should be run on all nodes in a cluster.

  • When enabling or disabling a TLS protocol version, the web server needs to be restarted. Running the command will show a message and carry out this task.

The following protocols are available in VOSS Automate:

  • TLSv1.2

  • TLSv1.3

Important

  • TLSv1.2 is enabled by default upon installation. Upon upgrade, your current protocol is retained.

  • TLSv1.2 can only be disabled by enabling TLSv1.3.

  • web ssl list

    Example:

    $ web ssl list
    TLSv1.3: Disabled
    TLSv1.2: Enabled
    
    • Enabling or disabling a protocol that is already in that state will raise an error message.

  • web ssl disable <TLS version>

    • Enabling or disabling a protocol that is already in that state will raise an error message.

    Example:

    $ web ssl disable TLSv1.2
    Disabling the TLSv1.2 protocol requires the web server to be restarted.
    Do you wish to continue? yes
    TLSv1.2: Disabled
    TLSv1.3: Enabled
    
    Restarting nginx for settings to take effect
    
    Application nginx processes stopped.
    
    
    Application services: firewall processes stopped.
    Application nginx processes started.
    
  • web ssl enable <TLS version>

    Note

    • Running web ssl enable TLSv1.3 disables TLSv1.2. Users will not be able to alter web ciphers.

    • Running web ssl enable TLSv1.2 disables TLSv1.3. Users can change the web ciphers.

    • Enabling or disabling a protocol that is already in that state will raise an error message.

    Example:

    $ web ssl enable TLSv1.3
    Enabling the TLSv1.3 protocol requires the web server to be restarted.
    Do you wish to continue? yes
    TLSv1.3: Enabled
    TLSv1.2: Enabled
    
    
    Restarting nginx for settings to take effect
    
    Application nginx processes stopped.
    
    
    Application services: firewall processes stopped.
    Application nginx processes started.
    

The table below shows the result of running web ssl enable or web ssl disable given a specific state (from web ssl list).

    State              Command    Result
    1.2      1.3       on/off     1.2      1.3
    on       off       1.2 on     on       off
    off      on        1.3 on     off      on
    on       off       1.2 off    off      on
    off      on        1.3 off    on       off
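
Because the command has to be run on every node in a cluster, a node that was skipped keeps its old protocol. The following is an added example, not part of the VOSS documentation: it parses web ssl list output captured from each node and reports nodes that do not have the required protocol enabled, or whose state is not one of those listed in the table above. The function names, node names and sample captures are constructed for illustration.

```python
import re

# Line format taken from the `web ssl list` examples on this page.
LINE_RE = re.compile(r"^\s*(TLSv1\.[23]):\s*(Enabled|Disabled)\s*$")

def parse_web_ssl_list(text):
    """Return {'TLSv1.2': bool, 'TLSv1.3': bool} from `web ssl list` output."""
    state = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # prompt lines and blank lines are ignored
            state[m.group(1)] = (m.group(2) == "Enabled")
    missing = {"TLSv1.2", "TLSv1.3"} - state.keys()
    if missing:
        raise ValueError("no status line for: " + ", ".join(sorted(missing)))
    return state

def audit_cluster(outputs, required):
    """outputs: {node_name: captured text}; required: the protocol that must
    be the enabled one on every node. Returns a sorted list of (node, finding)."""
    findings = []
    for node, text in outputs.items():
        try:
            st = parse_web_ssl_list(text)
        except ValueError as exc:
            findings.append((node, f"unparseable output: {exc}"))
            continue
        if st["TLSv1.2"] == st["TLSv1.3"]:
            # Every row of the state table has exactly one protocol on.
            both = "enabled" if st[required] else "disabled"
            findings.append((node, f"state not in the table: both protocols {both}"))
        elif not st[required]:
            findings.append((node, f"{required} is disabled"))
    return sorted(findings)

# Constructed sample captures; node names are hypothetical.
SAMPLE = {
    "node-a": "$ web ssl list\nTLSv1.3: Enabled\nTLSv1.2: Disabled\n",
    "node-b": "$ web ssl list\nTLSv1.3: Disabled\nTLSv1.2: Enabled\n",  # command not run here
    "node-c": "$ web ssl list\nTLSv1.3: Enabled\n",                     # truncated capture
}

if __name__ == "__main__":
    for node, finding in audit_cluster(SAMPLE, "TLSv1.3"):
        print(f"{node}: {finding}")
```

An empty result means every captured node reports the required protocol as the only one enabled; it says nothing about nodes whose output was never collected.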