Table of ContentsView in Frames

Enabling or disabling TLS

Enabling Transport Layer Security (TLS) enables the storage system to use TLS on HTTPS, FTPS, and LDAP traffic.

Before you begin

TLS is disabled by default, and setting up SSL does not automatically enable TLS. Before enabling TLS, ensure that SSL has been set up and enabled.

About this task

Data ONTAP supports TLSv1, SSLv3, and SSLv2. TLSv1 is a protocol version higher than SSLv3, and SSLv3 is a protocol version higher than SSLv2. A negotiation process is built into the TLS and the SSL protocols to use the highest protocol version that is supported by both the client and the server for communication. For TLS to be used for communication, both the client requesting connection and the storage system must support TLS.

Step

  1. To enable or disable TLS, enter the following command: options tls.enable {on|off}
    • Use on to enable TLS.
      • For TLS to take effect on HTTPS, ensure that the httpd.admin.ssl.enable option is also set to on.
      • For TLS to take effect on FTPS, ensure that the ftpd.implicit.enable option or the ftpd.explicit.enable option is also set to on.
      • For TLS to take effect on LDAP, ensure that the ldap.ssl.enable option is also set to on.

      For more information about these options, see the na_options(1) man page.

      For more information about FTPS and LDAP, see the Data ONTAP File Access and Protocols Management Guide for 7-Mode.

    • Use off (the default) to disable TLS.

      When TLS is disabled, SSL is used for communication if SSL has previously been set up and enabled.