SSLDISABLELEGACYTLS
The SSLDISABLELEGACYTLS option specifies whether to use the Transport Layer Security (TLS) 1.2 or later protocol for Secure Sockets Layer (SSL) sessions. When the option is set to Yes, the server rejects connection attempts that use levels earlier than TLS 1.2.
Syntax
   .-SSLDISABLELEGACYTLS--No------.
>>-+------------------------------+----------------------------><
   '-SSLDISABLELEGACYTLS--+-No--+-'
                          '-Yes-'
Parameters
- Yes
- Specifies that the server uses the TLS 1.2 or later protocol for SSL sessions.
The SSLDISABLELEGACYTLS option overrides the SSLTLS12=NO option and enforces the rejection of SSL connection attempts that use levels earlier than TLS 1.2.
Requirements: Before you use TLS 1.2, ensure that the following settings are correct:
- For the server and storage agent, if you use self-signed certificates, you must set the default label in the key database to "TSM Server SelfSigned SHA Key".
- For backup-archive clients, if you use self-signed certificates, you must import the cert256.arm file.
- No
- Specifies that the server allows TLS 1.1 and earlier protocols for SSL sessions. Specify the SSLTLS12=YES option to allow the server to use TLS 1.2 in addition to earlier protocols.
If you specify the SSLTLS12=YES option and do not specify the SSLDISABLELEGACYTLS option, TLS 1.2 might be used.
SSLTLS12 | SSLDISABLELEGACYTLS | TLS version that is used by the server |
---|---|---|
No* | No* | ≤ TLS 1.1 |
No* | Yes | ≥ TLS 1.2 |
Yes | No* | ≤ TLS 1.2 |
Yes | Yes | ≥ TLS 1.2 |
Notes:
Examples
Specify that the server uses the TLS 1.2 or later protocol for SSL sessions:
ssldisablelegacytls yes
Specify that the server allows TLS 1.1 and earlier protocols for SSL sessions:
ssldisablelegacytls no
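To audit an options file against the table above, the following added example (not IBM code) maps the two options to the table row they select and reports whether connections below TLS 1.2 are still accepted. It assumes one option per line with the name and value separated by whitespace or "=", that lines starting with "*" are comments, that an unset option behaves as No, and that the last value is used when an option appears more than once.

```python
import re

# Rows of the page's table: (SSLTLS12, SSLDISABLELEGACYTLS) -> TLS versions used.
TLS_TABLE = {
    ("NO", "NO"): "<= TLS 1.1",
    ("NO", "YES"): ">= TLS 1.2",
    ("YES", "NO"): "<= TLS 1.2",
    ("YES", "YES"): ">= TLS 1.2",
}
WATCHED = ("SSLTLS12", "SSLDISABLELEGACYTLS")

def parse_options(text):
    """Return {OPTION: [values...]} for the two watched options."""
    seen = {name: [] for name in WATCHED}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # assumption: "*" starts a comment
            continue
        parts = re.split(r"[=\s]+", line, maxsplit=1)
        name = parts[0].upper()
        if name in seen:
            seen[name].append(parts[1].strip().upper() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Map an options file to the table row it selects and list findings."""
    seen, chosen, findings = parse_options(text), {}, []
    for name in WATCHED:
        values = seen[name]
        if len(set(values)) > 1:
            findings.append(f"{name} is set to conflicting values: {values}")
        value = values[-1] if values else "NO"  # assumptions: last wins, unset is No
        if value not in ("YES", "NO"):
            raise ValueError(f"{name} must be Yes or No, got {value!r}")
        chosen[name] = value
    tls12, no_legacy = chosen["SSLTLS12"], chosen["SSLDISABLELEGACYTLS"]
    if no_legacy == "NO":
        findings.append("connections below TLS 1.2 are accepted")
    elif tls12 == "NO":
        findings.append("SSLTLS12 No is overridden by SSLDISABLELEGACYTLS Yes")
    return {"versions": TLS_TABLE[(tls12, no_legacy)],
            "legacy_accepted": no_legacy == "NO", "findings": findings}

# Constructed sample options file, not taken from a real server.
SAMPLE = """\
* constructed sample
SSLTLS12 no
ssldisablelegacytls yes
"""
```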