The command enables configuring the lowest TLS version supported by SLX OS for the Client and Server modes of operation of the SLX device. This command is available under the respective modes under the Management Security SSL Profile mode. SLX uses OpenSSL to provide transport layer security and the current version of OpenSSL supports TLS v 1.1 to TLS v 1.2. Since the SLX box can be considered as both a client as well as a server, you can apply different supported TLS versions for each of these types. The default TLS version supported is v 1.1.
The default supported TLS version is version 1.1.
Indicates that the minimum version of TLS support is being configured. Select from one of the available choices.
Client Profile mode and Server Profile mode in SSL Profile mode. SSL Profile mode is available under Management Security mode.
The no format of this command resets the manual configuration of TLS support to the defaults. The default support is for TLS v 1.1 and TLS v 1.2.
This example shows how to navigate into the Client Profile mode and configure the minimum supported TLS version to 1.2.
SLX # conf term Entering configuration mode terminal SLX # conf term Entering configurationSLX (config)# SLX (config)# management-security SLX (mgmt-security)# SLX(mgmt-security)# ssl-profile ? Possible completions: client management security ssl profile client for tls configuration server management security ssl profile server for tls configuration SLX (mgmt-security)# ssl-profile client SLX (mgmt-sec-ssl-profile-client)# SLX (mgmt-sec-ssl-profile-client)# tls ? Possible completions: min-version min version to be supported by client SLX(mgmt-sec-ssl-profile-client)# tls min-version ? Possible completions: <1.1|1.2> specify TLS version SLX(mgmt-sec-ssl-profile-client)# tls min-version 1.2
This example shows how to disable the manual configuration for TLS version support.
SLX # conf term Entering configuration mode terminal SLX (config)# SLX (config)# management-security SLX (mgmt-security)# SLX (mgmt-security)# ssl-profile client SLX (mgmt-sec-ssl-profile-client)# SLX(mgmt-sec-ssl-profile-client)# no tls min-version
This example shows how by running the show running-config management-security command a TLS version is configured and the configured value can be seen.
SLX# conf Entering configuration mode terminal SLX(config)# management-security Possible completions: <cr> SLX(config)# management-security SLX(mgmt-security)# ssl-profile client SLX(mgmt-sec-ssl-profile-client)# tls min-version Possible completions: <1.1|1.2> specify TLS version[1.2] SLX(mgmt-sec-ssl-profile-client)# tls min-version SLX(mgmt-sec-ssl-profile-client)# ex SLX(mgmt-security)# ex SLX(config)# exi SLX# show running-config management-security management-security ssl-profile server tls min-version 1.2 ! ssl-profile client tls min-version 1.2 ! !