Ssldisablelegacytls
Use the ssldisablelegacytls option to disallow the use of SSL protocols that are lower than TLS 1.2.
Supported Clients
This option is valid for all supported clients.
Options File
Place this option in the dsm.sys file. You can also set this option in the GUI by selecting the Require TLS 1.2 or above check box on the Communication tab of the Preferences editor. You cannot set this option on the command line.
Place this option in the client options (dsm.opt) file. You can also set this option in the GUI by selecting the Require TLS 1.2 or above check box on the Communication tab of the Preferences editor. You cannot set this option on the command line.
Syntax
Parameters
- No
- Specifies that the backup-archive client does not require TLS 1.2 for SSL sessions. It allows connection at TLS 1.1 and lower SSL protocols. When the backup-archive client communicates with an IBM Spectrum Protect server V8.1.1 and earlier V8 levels, and V7.1.7 and earlier levels, No is the default.
- Yes
- Specifies that the backup-archive client requires that all SSL sessions use TLS 1.2 (or higher) protocol. When the backup-archive client communicates with an IBM Spectrum Protect server V8.1.2 and later levels, and V7.1.8 and later V7 levels, Yes is the default.
Examples
- Options file:
ssldisablelegacytls yes
- Command line:
- Does not apply.