Comware

  • 1.  Disable SSL 3.0 HPE FF 5700 Switches

    Posted May 22, 2019 04:57 AM

    Hi all

    We have some new HPE Flex Fabric 5700 switches, HPE FF 5700-40XG-2QSFP+ Switch

    Very nice they are too, however they ship with SSL 3.0 enabled.

    I have spent a day trying to figure out how to disable SSL3.0 and force the web interface onto SSL 1.0 at the very least, but I am still struggling. I cannot see any option in the web GUI, or via the telnet login.

    If anyone from HPE could point me in the right direction that would be most welcome.

    Kev



  • 2.  RE: Disable SSL 3.0 HPE FF 5700 Switches

    Posted May 22, 2019 08:45 PM

    Forcing SSL 1.0? Are you really sure about what you wrote?

    IMHO you probably want to disable SSL 3.0 in favour of TLS 1.0, 1.1 or 1.2.

    IIRC isn't there a CLI command (available in system view mode) like the ssl version { ssl3.0 | tls1.0 | tls1.1 } disable ... Clearly it depends on how recent the running software is (and, if available, it requires you to disable/enable the https service with undo ip https enable followed by an ip https enable).

    Any feedback on HPE FlexFabric 5700 guides?

    Does HPE FlexFabric 5700 (JG896A) Release Notes document report something interesting about SSL 3.0 (it does, check!)?



  • 3.  RE: Disable SSL 3.0 HPE FF 5700 Switches

    Posted May 23, 2019 04:24 AM

    Thanks for the reply,

    All sorted...

    I have worked out how to disable ssl3.0 so the default will be 1.0 at the very least.

    The commands were via telnet and if anyone here wants to know it was a simple case of

    system-view

    ssl version ssl3.0 disable

    So now onto trying to work out how to disable IP forwarding!

    Thanks

    Kev



  • 4.  RE: Disable SSL 3.0 HPE FF 5700 Switches

    Posted May 23, 2019 07:26 AM

    Hi, exactly as I wrote you above...



  • 5.  RE: Disable SSL 3.0 HPE FF 5700 Switches

    Posted May 23, 2019 08:44 AM

    Yes, sorry, I didn't read your reply correctly!

    But thanks again for replying, it's appreciated!

    Kev
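
One way to confirm from a management host that the HTTPS service no longer negotiates SSL 3.0 after `ssl version ssl3.0 disable`, as an added example that is not part of the original thread or HPE's tooling. Function names, the offered cipher list and port 443 are assumptions; the hello is built by hand because current TLS libraries no longer speak SSL 3.0.

```python
import os
import socket

SSL3 = b"\x03\x00"
# Constructed offer: RSA suites commonly offered to SSL 3.0 servers
# (AES128-SHA, AES256-SHA, 3DES-EDE-CBC-SHA, RC4-128-SHA).
CIPHERS = bytes.fromhex("002f0035000a0005")

def ssl3_client_hello() -> bytes:
    """Build a minimal SSL 3.0 ClientHello record (no extensions)."""
    body = (SSL3 + os.urandom(32) + b"\x00"            # version, random, empty session id
            + len(CIPHERS).to_bytes(2, "big") + CIPHERS
            + b"\x01\x00")                              # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + SSL3 + len(handshake).to_bytes(2, "big") + handshake

def classify(reply: bytes) -> str:
    """Interpret the first bytes the server sends back to the SSL 3.0 hello."""
    if not reply or reply[0] == 0x15:
        return "refused"      # closed the connection or sent an alert record
    if (len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02
            and reply[9:11] == SSL3):
        return "accepted"     # ServerHello that selects SSL 3.0
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to host:port and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(ssl3_client_hello())
            return classify(sock.recv(4096))
    except ConnectionResetError:
        return "refused"
    except socket.timeout:
        return "unknown"

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

"refused" means only that this particular hello was rejected: a server with SSL 3.0 still enabled but none of the four offered suites would also answer with an alert, so check the running configuration as well.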