Ssl Version Ssl3.0 Disable; Version - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1]
Related commands
display ssl server-policy
ssl version ssl3.0 disable
Use ssl version ssl3.0 disable to disable SSL 3.0 on the device.
Use undo ssl version ssl3.0 disable restore the default.
Syntax
ssl version ssl3.0 disable
undo ssl version ssl3.0 disable
Default
SSL 3.0 is enabled on the device.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use this command to disable SSL 3.0 on a device to enhance system security.
•
An SSL server supports only TLS 1.0 after SSL 3.0 is disabled.
•
An SSL client always uses SSL 3.0 if SSL 3.0 is specified for the client policy, whether you
disable SSL 3.0 or not.
To ensure successful establishment of an SSL connection, do not disable SSL 3.0 on a device when
the peer device only supports SSL 3.0. As a best practice, upgrade the peer device to support TLS
1.0 to improve security.
Examples
# Disable SSL 3.0 on the device.
<Sysname> system-view
[Sysname] ssl version ssl3.0 disable
version
Use version to specify an SSL protocol version for an SSL client policy.
Use undo version to restore the default.
Syntax
In non-FIPS mode:
version { ssl3.0 | tls1.0 }
undo version
In FIPS mode:
version tls1.0
733
Advertisement
Table of Contents
