Setup SSL Security Configuration

Overview

This function sets the security method of the SSL communication to provide more secure communication.

Caution
  • Enable the SSL version for HTTPS (GUI/REST) that is used for communication between the storage system and the setting PC. If the enabled SSL version setting used for communication is different between the storage system and the setting PC (web browser), access to the storage system from Web GUI is not allowed.

  • At least one SSL version (TLS1.0/TLS1.1/TLS1.2) must be enabled for "HTTPS (GUI/REST)".

Note
  • After the SSL version for "HTTPS (GUI/REST)" is specified, the new SSL session is applied from the next access (screen transition).

  • The SSL version that is specified with this function is applied to all LAN ports (MNT/RMT/FST).

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin  
AccountAdmin  
SecurityAdmin
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

SSL Cipher Setting

Item Description Setting values

Allow only ECDHE Ciphers

If only ECDHE ciphers are allowed, select "Yes". Otherwise, select "No". If "Yes" is selected for this item, select "TLS1.2" for "HTTPS(GUI/REST)", "HTTPS(SMI-S)", and "Maintenance-Secure". Regardless of whether "TLS1.0" or "TLS1.1" is set, "TLS1.2" is used.

Yes

No (Default)

SSL Version Settings

Item Description Setting values

HTTPS (GUI/REST)

Select the SSL version to enable for the HTTPS (GUI/REST) protocol.

Select the checkbox to enable the SSL version.

Selected: Enabled (Default)

Cleared: Disabled

HTTPS (SMI-S)

Select the SSL version to enable for the HTTPS (SMI-S) protocol.

Select the checkbox to enable the SSL version.

Selected: Enabled (Default)

Cleared: Disabled

Maintenance-Secure

Select the SSL version to enable for the Maintenance-Secure protocol.

Select the checkbox to enable the SSL version.

Selected: Enabled (Default)

Cleared: Disabled

Operating Procedures

  1. Click [Setup SSL Security Configuration] in [Action].

  2. Specify the parameters, and click the [Set] button.

    → A confirmation screen appears.

    Caution
    • If "Yes" is selected to allow only the ECDHE ciphers, the [Set] button is available only if "TLS1.2" is selected for all the protocols.

  3. Click the [OK] button.

    → The SSL security setting starts.

  4. Click the [Done] button to return to the [Network] screen.