Setup SSL Security Configuration
Overview
This function sets the security method of the SSL communication to provide more secure communication.
Enable the SSL version for HTTPS (GUI/REST) that is used for communication between the storage system and the setting PC. If the enabled SSL version setting used for communication is different between the storage system and the setting PC (web browser), access to the storage system from Web GUI is not allowed.
At least one SSL version (TLS1.0/TLS1.1/TLS1.2) must be enabled for "HTTPS (GUI/REST)".
After the SSL version for "HTTPS (GUI/REST)" is specified, the new SSL session is applied from the next access (screen transition).
The SSL version that is specified with this function is applied to all LAN ports (MNT/RMT/FST).
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
SSL Cipher Setting
Item | Description | Setting values |
---|---|---|
Allow only ECDHE Ciphers |
If only ECDHE ciphers are allowed, select "Yes". Otherwise, select "No". If "Yes" is selected for this item, select "TLS1.2" for "HTTPS(GUI/REST)", "HTTPS(SMI-S)", and "Maintenance-Secure". Regardless of whether "TLS1.0" or "TLS1.1" is set, "TLS1.2" is used. |
Yes No (Default) |
SSL Version Settings
Item | Description | Setting values |
---|---|---|
HTTPS (GUI/REST) |
Select the SSL version to enable for the HTTPS (GUI/REST) protocol. Select the checkbox to enable the SSL version. |
Selected: Enabled (Default) Cleared: Disabled |
HTTPS (SMI-S) |
Select the SSL version to enable for the HTTPS (SMI-S) protocol. Select the checkbox to enable the SSL version. |
Selected: Enabled (Default) Cleared: Disabled |
Maintenance-Secure |
Select the SSL version to enable for the Maintenance-Secure protocol. Select the checkbox to enable the SSL version. |
Selected: Enabled (Default) Cleared: Disabled |
Operating Procedures
Click [Setup SSL Security Configuration] in [Action].
Specify the parameters, and click the [Set] button.
→ A confirmation screen appears.
CautionIf "Yes" is selected to allow only the ECDHE ciphers, the [Set] button is available only if "TLS1.2" is selected for all the protocols.
Click the [OK] button.
→ The SSL security setting starts.
Click the [Done] button to return to the [Network] screen.