Configure the Minimum Version of the TLS Protocol
Use the following procedure to configure the minimum version of the TLS protocol.
Earlier releases used a self-signed certificate generated with the OpenSSL API and installed in /inflash/.ssh. The self-signed certificate is now generated with the Mocana API.
Disable the web server before changing the TLS version. Disabling the web server first ensures that existing users with a connection to the web server are not affected by the change to a different version.
By default, the switch supports TLS 1.2 and above. You can explicitly configure support for TLS 1.0 and TLS 1.1.
Procedure
- In the navigation pane, expand .
- Select General.
- Select the Web tab.
- In TlsMinimumVersion, select the TLS version you want to configure as the minimum on the system.
- Select Apply.
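To confirm the setting took effect once the web server is running again, the check below (an added example, not part of the vendor documentation) attempts one handshake per TLS version from a management host and reports any version accepted below the configured minimum. The function names and the mapping of tlsv12 to Python's `ssl.TLSVersion.TLSv1_2` are assumptions of this example.

```python
import socket
import ssl
import sys

# Versions the page names: TLS 1.0 and 1.1 (opt-in), TLS 1.2 and above (default).
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]

def pinned_context(version):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the protocol version is under test, and the switch may present a
    # self-signed certificate, so certificate validation is off for the probe.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Assumption: OpenSSL-backed Python. Security level 0 lets the client offer
    # TLS 1.0/1.1, so a refusal comes from the server and not from this host.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake pinned to `version`."""
    # TCP failures (unreachable, port closed) propagate: they say nothing about TLS.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with pinned_context(version).wrap_socket(raw, server_hostname=host):
                return True
        except (ssl.SSLError, ConnectionResetError):
            return False

def violations(accepted, configured_min):
    """accepted maps ssl.TLSVersion -> bool; an empty result means compliant."""
    found = [f"{v.name} accepted below configured minimum {configured_min.name}"
             for v in VERSIONS if v < configured_min and accepted.get(v)]
    if not any(accepted.get(v) for v in VERSIONS if v >= configured_min):
        found.append(f"no version at or above {configured_min.name} accepted")
    return found

if __name__ == "__main__":
    if len(sys.argv) > 1:   # usage: script HOST [HTTPS_PORT]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443  # HttpsPort default
        seen = {v: probe(sys.argv[1], port, v) for v in VERSIONS}
    else:                   # constructed sample: TLS 1.1 still answers
        seen = dict(zip(VERSIONS, [False, True, True, True]))
    print(violations(seen, ssl.TLSVersion.TLSv1_2) or "compliant")
```

Run it with the switch's management address and, if changed, the HttpsPort value; without arguments it evaluates the constructed sample only.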
Web Field Descriptions
Use the data in the following table to use the Web tab.
| Name | Description | 
|---|---|
| WebRWAUserName | Specifies the RWA username from 1–20 characters. The default is admin. | 
| WebRWAUserPassword | Specifies the password from 1–32 characters. The default is 12345678. | 
| WebROEnable (Note: Exception: not supported on VSP 8600 Series.) | Enables the web server read-only (RO) user, which is disabled by default after a software upgrade. | 
| WebEncryptionType | Specifies the ciphers for the preset version of TLS for the web server. | 
| WebCertSubjectName | Specifies the digital certificate subject name used as the identity certificate in the web server. | 
| WebCertCAName | Specifies the digital certificate CA trustpoint name used for the certificate in the web server. | 
| WebROUserName | Specifies the RO username. The default is user. Note: Product Notice: For VSP 8600 Series the web server RO username must be enabled in CLI. | 
| WebROUserPassword | Specifies the password from 1–32 characters. The default is password. | 
| MinimumPasswordLength | Configures the minimum password length. By default, the minimum password length is 8 characters. | 
| HttpPort | Specifies the HTTP port for web access. The default value is 80. | 
| HttpsPort | Specifies the HTTPS port for web access. The default value is 443. | 
| SecureOnly | Controls whether the secure-only option is enabled. The default is enabled. | 
| InactivityTimeout | Specifies the idle time (in seconds) to wait before the EDM login session expires. The default value is 900 seconds (15 minutes). | 
| TlsMinimumVersion | Configures the minimum version of the TLS protocol supported by the web-server. You can select from the following options: The default is tlsv12. | 
| InUseCertType (Note: Exception: not supported on VSP 8600 Series.) | Shows if the certificate is self-signed or user-installed. Note: Product Notice: For VSP 8600 Series use the show web-server command in CLI to view this information. | 
| HelpTftp/Ftp_SourceDir | Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/\| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format: | 
| DefaultDisplayRows | Configures the web server display row width between 10–100. The default is 30. | 
| LastChange | Shows the last web-browser initiated configuration change. | 
| NumHits | Shows the number of hits to the web server. | 
| NumAccessChecks | Shows the number of access checks performed by the web server. | 
| NumAccessBlocks | Shows the number of access attempts blocked by the web server. | 
| LastHostAccessBlockedAddressType | Shows the address type, either IPv4 or IPv6, of the last host access blocked by the web server. | 
| LastHostAccessBlockedAddress | Shows the IP address of the last host access blocked by the web server. | 
| NumRxErrors | Shows the number of receive errors the web server encounters. | 
| NumTxErrors | Shows the number of transmit errors the web server encounters. | 
| NumSetRequest | Shows the number of set-requests sent to the web server. | 




