Setup SSL Security Configuration

Overview

This function sets the security method of the SSL communication to provide more secure communication.

Caution

Enable the SSL version for HTTPS (GUI/REST) that is used for communication between the storage system and the setting PC. If the enabled SSL version setting used for communication is different between the storage system and the setting PC (web browser), access to the storage system from Web GUI is not allowed.
At least one SSL version (TLS1.0/TLS1.1/TLS1.2) must be enabled for "HTTPS (GUI/REST)".

Note

After the SSL version for "HTTPS (GUI/REST)" is specified, the new SSL session is applied from the next access (screen transition).
The SSL version that is specified with this function is applied to all LAN ports (MNT/RMT/FST).

User Privileges

Availability of Executions in the Default Role

Default role	Availability of executions
Monitor
Admin
StorageAdmin
AccountAdmin
SecurityAdmin
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

SSL Cipher Setting

Item	Description	Setting values
Allow only ECDHE Ciphers	If only ECDHE ciphers are allowed, select "Yes". Otherwise, select "No". If "Yes" is selected for this item, select "TLS1.2" for "HTTPS(GUI/REST)", "HTTPS(SMI-S)", and "Maintenance-Secure". Regardless of whether "TLS1.0" or "TLS1.1" is set, "TLS1.2" is used.	Yes No (Default)

Item

Description

Setting values

Allow only ECDHE Ciphers

If only ECDHE ciphers are allowed, select "Yes". Otherwise, select "No". If "Yes" is selected for this item, select "TLS1.2" for "HTTPS(GUI/REST)", "HTTPS(SMI-S)", and "Maintenance-Secure". Regardless of whether "TLS1.0" or "TLS1.1" is set, "TLS1.2" is used.

Yes

No (Default)

SSL Version Settings

Item	Description	Setting values
HTTPS (GUI/REST)	Select the SSL version to enable for the HTTPS (GUI/REST) protocol. Select the checkbox to enable the SSL version.	Selected: Enabled (Default) Cleared: Disabled
HTTPS (SMI-S)	Select the SSL version to enable for the HTTPS (SMI-S) protocol. Select the checkbox to enable the SSL version.	Selected: Enabled (Default) Cleared: Disabled
Maintenance-Secure	Select the SSL version to enable for the Maintenance-Secure protocol. Select the checkbox to enable the SSL version.	Selected: Enabled (Default) Cleared: Disabled

Item

Description

Setting values

HTTPS (GUI/REST)

Select the SSL version to enable for the HTTPS (GUI/REST) protocol.

Select the checkbox to enable the SSL version.

Selected: Enabled (Default)

Cleared: Disabled

HTTPS (SMI-S)

Select the SSL version to enable for the HTTPS (SMI-S) protocol.

Select the checkbox to enable the SSL version.

Selected: Enabled (Default)

Cleared: Disabled

Maintenance-Secure

Select the SSL version to enable for the Maintenance-Secure protocol.

Select the checkbox to enable the SSL version.

Selected: Enabled (Default)

Cleared: Disabled

Operating Procedures

Click [Setup SSL Security Configuration] in [Action].
Specify the parameters, and click the [Set] button.

→ A confirmation screen appears.
Caution
- If "Yes" is selected to allow only the ECDHE ciphers, the [Set] button is available only if "TLS1.2" is selected for all the protocols.
Click the [OK] button.

→ The SSL security setting starts.
Click the [Done] button to return to the [Network] screen.