Configure the Minimum Version of the TLS Protocol

Use the following procedure to configure the minimum version of the TLS protocol.

Disable the web server before changing the TLS version. Disabling the web server first ensures that existing users with a connection to the web server are not affected by the change to a different version.

By default, the switch supports TLS version 1.2 and later. You can explicitly configure support for TLS 1.0 and TLS 1.1.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Select General.
  3. Select the Web tab.
  4. In TlsMinimumVersion, select the TLS version you want to configure as the minimum on the system.
  5. Select Apply.

Web Field Descriptions

Use the data in the following table to use the Web tab.

Name

Description

WebRWAUserName

Specifies the RWA user name. The default is admin.

WebRWAUserPassword

Specifies the password for the RWA user account. The default is password.

WebROEnable

Enables the web server read-only (RO) user, which is disabled by default.

WebEncryptionType

Specifies the ciphers for the preset version of TLS for the web server.

WebCertSubjectName

Specifies the digital certificate subject name used as the identity certificate in the web server.

WebCertCAName

Specifies the digital certificate CA trustpoint name used for the certificate in the web server.

WebROUserName

Specifies the RO user name. The default is user.

WebROUserPassword

Specifies the password for the RO user account. The default is 12345678.

MinimumPasswordLength

Configures the minimum password length. By default, the minimum password length is 8 characters.

HttpPort

Specifies the HTTP port for web access. The default value is 80.

HttpsPort

Specifies the HTTPS port for web access. The default value is 443.

SecureOnly

Controls whether the secure-only option is enabled. The default is enabled.

InactivityTimeout

Specifies the idle time (in seconds) to wait before the EDM login session expires. The default value is 900 seconds (15 minutes).

TlsMinimumVersion

Configures the minimum version of the TLS protocol supported by the web server. You can select from the following options:

  • tlsv10 – Configures the version to TLS 1.0.

  • tlsv11 – Configures the version to TLS 1.1.

  • tlsv12 – Configures the version to TLS 1.2.

The default is tlsv12.

SSLRenegotiation

Specifies whether SSL renegotiation is enabled or disabled.

The default is enabled.

HelpTftp/Ftp_SourceDir

Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format:

  • 192.0.2.1:/Help

  • 192.0.2.1:/

DefaultDisplayRows

Configures the number of rows each page displays. The default is 30.

LastChange

Shows the last web-browser initiated configuration change.

NumHits

Shows the number of hits to the web server.

NumAccessChecks

Shows the number of access checks performed by the web server.

NumAccessBlocks

Shows the number of access attempts blocked by the web server.

LastHostAccessBlockedAddressType

Shows the address type, either IPv4 or IPv6, of the last host access blocked by the web server.

LastHostAccessBlockedAddress

Shows the IP address of the last host access blocked by the web server.

NumRxErrors

Shows the number of receive errors the web server encounters.

NumTxErrors

Shows the number of transmit errors the web server encounters.

NumSetRequest

Shows the number of set-requests sent to the web server.
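
The following check is an added example, not part of the vendor documentation: it audits a set of Web tab values against the defaults listed in the table above. The names audit_web_tab and SAMPLE are hypothetical, the sample values are constructed, and how the values are collected from the switch is left to the reader.

```python
# Added example: field names and defaults come from the Web tab table above.
# SAMPLE is constructed input, not an export from a real device.
TLS_ORDER = ["tlsv10", "tlsv11", "tlsv12"]  # TlsMinimumVersion options, weakest first

# (field that enables the account or None, password field, documented default password)
DEFAULT_ACCOUNTS = [
    (None, "WebRWAUserPassword", "password"),
    ("WebROEnable", "WebROUserPassword", "12345678"),
]


def audit_web_tab(settings):
    """Return a list of findings for a dict of Web tab field values.

    Fields missing from the dict are treated as being at their documented default.
    """
    findings = []
    tls = settings.get("TlsMinimumVersion", "tlsv12")
    if tls not in TLS_ORDER:
        findings.append(f"TlsMinimumVersion: unknown value {tls!r}")
    elif TLS_ORDER.index(tls) < TLS_ORDER.index("tlsv12"):
        findings.append(f"TlsMinimumVersion: {tls} is below the tlsv12 default")
    if not settings.get("SecureOnly", True):
        findings.append("SecureOnly: disabled (default is enabled)")
    min_len = settings.get("MinimumPasswordLength", 8)
    if min_len < 8:
        findings.append(f"MinimumPasswordLength: {min_len} is below the default of 8")
    for enable_field, pass_field, default_pass in DEFAULT_ACCOUNTS:
        # The RO account is disabled by default, so skip it unless it is enabled.
        if enable_field and not settings.get(enable_field, False):
            continue
        password = settings.get(pass_field, default_pass)
        if password == default_pass:
            findings.append(f"{pass_field}: still the documented default")
        elif len(password) < min_len:
            findings.append(f"{pass_field}: shorter than MinimumPasswordLength")
    return findings


# Constructed sample: TLS 1.0 was enabled and the RWA password was never changed.
SAMPLE = {
    "TlsMinimumVersion": "tlsv10", "SecureOnly": True, "WebROEnable": True,
    "WebRWAUserPassword": "password", "WebROUserPassword": "Xk4!pQ9z-rT2",
    "MinimumPasswordLength": 8,
}

if __name__ == "__main__":
    for finding in audit_web_tab(SAMPLE):
        print(finding)
```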