IAP tls version to choose

Aruba Employee
Q:

How to choose the TLS verstions TLSv1.0/TLSv1.1/TLSv1.2?
 



A:

Before 4.2 IAP support TLSv1.0/TLSv1.1/TLSv1.2 but can not choose which one to use. Sometimes we do not hope use some lower security level like TLSv1.0 when open UI of IAP. So we need make it configurable.
In IAP 4.2, we can specify SSL protocol of web server.

Note: By default config is support all TLS version (TLSv1.0/TLSv1.1/TLSv1.2

CLI config


24:de:c6:cb:b9:1a# configure terminal 
We now support CLI commit model, please type "commit apply" for configuration to take effect.


24:de:c6:cb:b9:1a (config) # web-server 
24:de:c6:cb:b9:1a (web-server) # ?
no               Delete command
ssl-protocol     

24:de:c6:cb:b9:1a (web-server) # ssl-protocol ?
all         
tlsv1       
tlsv1_1     
tlsv1_2
    

24:de:c6:cb:b9:1a (web-server) # ssl-protocol tlsv1
24:de:c6:cb:b9:1a (web-server) # end
24:de:c6:cb:b9:1a# commit apply 
committing configuration...
configuration committed.
24:de:c6:cb:b9:1a# show run | begin ssl
 ssl-protocol tlsv1


24:de:c6:cb:b9:1a# configure terminal 
We now support CLI commit model, please type "commit apply" for configuration to take effect.
24:de:c6:cb:b9:1a (config) # 
24:de:c6:cb:b9:1a (config) # web-server 
24:de:c6:cb:b9:1a (web-server) # no ssl-protoco
24:de:c6:cb:b9:1a (web-server) # end
24:de:c6:cb:b9:1a# commit apply 
committing configuration...
configuration committed.
24:de:c6:cb:b9:1a# sho run | begin ssl
24:de:c6:cb:b9:1a# 

24:de:c6:cb:b9:1a# configure terminal 
We now support CLI commit model, please type "commit apply" for configuration to take effect.
24:de:c6:cb:b9:1a (config) # no web-server 
24:de:c6:cb:b9:1a (config) # end
24:de:c6:cb:b9:1a# commit apply 
committing configuration...
configuration committed.


24:de:c6:cb:b9:1a# show run | begin web-server
24:de:c6:cb:b9:1a# 

Version history
Revision #:
2 of 2
Last update:
‎11-25-2015 03:56 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: