Table of ContentsView in Frames

Enabling or disabling SSLv2 or SSLv3

If your storage system has the SSL protocol enabled, you can specify the SSL version(s) to use.

About this task

Enabling the SSL versions alone does not enable the SSL protocol for the storage system. To use SSL, ensure that the protocol is enabled on your storage system.

TLS offers better security than SSLv3, and SSLv3 offers better security than SSLv2. In addition to enabling the SSL protocol, you must also have at least one of SSLv2, SSLv3, or TLS enabled for the storage system to use SSL for communication.

Step

  1. Enter the following command to enable or disable SSLv2 or SSLv3:
    To enable or disable this SSL version...           Enter the following command...
    SSLv2
    options ssl.v2.enable {on|off}
    SSLv3
    options ssl.v3.enable {on|off}

    Setting the option to on (the default) enables the SSL version on HTTPS, FTPS, and LDAP connections, if the following options are also set to on:
    • httpd.admin.ssl.enable (for HTTPS)
    • ftpd.implicit.enable or ftpd.explicit.enable (for FTPS)
    • ldap.ssl.enable (for LDAP)

    Setting the option to off disables the SSL version on HTTPS, FTPS, and LDAP connections.

    For more information about these options, see the na_options(1) man page.

    For more information about FTPS and LDAP, see the Data ONTAP File Access and Protocols Management Guide for 7-Mode.