Configuring the minimum version of the TLS protocol
Use the following procedure to configure the minimum version of the TLS protocol.
Earlier releases used a self-signed certificate generated using the OpenSSL API, and this self-signed certificate was installed in /inflash/.ssh. The self-signed certificate is now generated with the Mocana API.
Disable the web server before changing the TLS version. Disabling the web server first ensures that existing users with a connection to the web server are not affected by the change to a different version.
By default, the switch supports TLS 1.2 and above. You can explicitly configure support for TLS 1.0 and TLS 1.1.
Procedure
- In the navigation tree, open the following folders: .
- Click General and select the Web tab.
- In the TlsMinimumVersion field, select the TLS version you want to configure as the minimum on the system.
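To check the configured minimum from a management host, the following added example (not part of the original documentation) offers one TLS version at a time to the HTTPS port and lists any version older than the required minimum that the web server still accepts. The function names are hypothetical, and the default port 443 is the documented HttpsPort default.

```python
import socket
import ssl
import warnings

# (label, protocol version, whether the local OpenSSL build can speak it)
VERSIONS = [
    ("TLS 1.0", ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
    ("TLS 1.3", ssl.TLSVersion.TLSv1_3, ssl.HAS_TLSv1_3),
]

def probe_version(host, port, version, timeout=5.0):
    """Offer exactly one TLS version; return 'accepted', 'rejected'
    (handshake did not complete) or 'unreachable' (no TCP connection)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol negotiation is tested, and the switch may present a
    # self-signed certificate, so certificate validation is off in this probe.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():  # TLS 1.0/1.1 constants are deprecated
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let OpenSSL 3.x offer TLS 1.0/1.1
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw) as tls:
            return "accepted" if tls.version() else "rejected"
    except OSError:  # includes ssl.SSLError, resets and handshake timeouts
        return "rejected"
    finally:
        raw.close()

def audit(host, port=443):
    """Probe every version the local client can speak."""
    return {name: probe_version(host, port, ver) if ok else "client-unsupported"
            for name, ver, ok in VERSIONS}

def below_minimum(results, required_min="TLS 1.2"):
    """List versions older than required_min that the server accepted."""
    names = [name for name, _, _ in VERSIONS]
    return [n for n in names[:names.index(required_min)]
            if results.get(n) == "accepted"]
```

Run `below_minimum(audit(host))` against the switch's management address; an empty list means no version older than the required minimum completed a handshake.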
Web Field Descriptions
Use the data in the following table to use the Web tab.
Name | Description |
---|---|
WebRWAUserName | Specifies the RWA username from 1–20 characters. The default is admin. |
WebRWAUserPassword | Specifies the password from 1–32 characters. The default is 12345678. |
WebROEnable (Note: Exception: not supported on VSP 8600 Series.) | Enables the web server read-only (RO) user, which is disabled by default after a software upgrade. |
WebROUserName | Specifies the RO username from 1–20 characters. The default is user. Note: Product Notice: For VSP 8600 Series the web server RO username must be enabled in CLI. |
WebROUserPassword | Specifies the password from 1–32 characters. The default is password. |
MinimumPasswordLength | Configures the minimum password length. By default, the minimum password length is 8 characters. |
HttpPort | Specifies the HTTP port for web access. The default value is 80. |
HttpsPort | Specifies the HTTPS port for web access. The default value is 443. |
SecureOnly | Controls whether the secure-only option is enabled. The default is enabled. |
InactivityTimeout | Specifies the idle time (in seconds) to wait before the EDM login session expires. The default value is 900 seconds (15 minutes). |
TlsMinimumVersion | Configures the minimum version of the TLS protocol supported by the web-server. You can select from the following options: The default is tlsv12. |
InUseCertType (Note: Exception: not supported on VSP 8600 Series.) | Shows if the certificate is self-signed or user-installed. Note: Product Notice: For VSP 8600 Series use the show web-server command in CLI to view this information. |
HelpTftp/Ftp_SourceDir | Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/\| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format: |
DefaultDisplayRows | Configures the web server display row width between 10–100. The default is 30. |
LastChange | Shows the last web-browser initiated configuration change. |
NumHits | Shows the number of hits to the web server. |
NumAccessChecks | Shows the number of access checks performed by the web server. |
NumAccessBlocks | Shows the number of access attempts blocked by the web server. |
LastHostAccessBlockedAddressType | Shows the address type, either IPv4 or IPv6, of the last host access blocked by the web server. |
LastHostAccessBlockedAddress | Shows the IP address of the last host access blocked by the web server. |
NumRxErrors | Shows the number of receive errors the web server encounters. |
NumTxErrors | Shows the number of transmit errors the web server encounters. |
NumSetRequest | Shows the number of set-requests sent to the web server. |