You can configure the web protocol engine on the cluster to control whether web access is allowed and what SSL versions can be used. You can also display the configuration settings for the web protocol engine.
You can manage the web protocol engine at the cluster level in the following ways:
By default, SSLv3 is enabled. Transport Layer Security 1.0 (TLSv1.0) is enabled and cannot be disabled.
By default, FIPS 140-2 compliance is disabled. When FIPS 140-2 compliance is enabled, SSLv3 is disabled, and only TLSv1 remains enabled. Data ONTAP prevents you from enabling SSLv3 when FIPS 140-2 compliance is enabled.
If you enable FIPS 140-2 compliance and later disable it, SSLv3 remains disabled. TLSv1 is always enabled.
If the firewall is enabled, the firewall policy for the logical interface (LIF) to be used for web services must be set up to allow HTTP or HTTPS access.
If you use HTTPS for web service access, SSL for the cluster or Storage Virtual Machine (SVM) that offers the web service must also be enabled, and you must provide a digital certificate for the cluster or SVM.
In MetroCluster configurations, the setting changes you make for the web protocol engine on a cluster are not replicated on the partner cluster.