Use the chsecurity command to change
the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) security
settings for a clustered system (system).
Syntax
chsecurity -sslprotocolsecurity_level
Parameters
- -sslprotocolsecurity_level
- (Required) Specifies the numeric value for the security level
setting, which can take any value from 1 to 3.
A
security level setting of:
- 1 disallows SSL 3.0
- 2 allows TLS 1.2 only
- 3 additionally disallows TLS 1.2 cipher suites
that are not exclusive to 1.2
Description
This
command changes the SSL or TLS security settings on a clustered system.
Important: If you use SSL or TLS, changing the
security could disrupt these services.
If this
occurs:
- Wait 5 minutes and try again. (Wait for any services to restart.)
- Confirm that the SSL or TLS implementation is up to date and supports
the specified level of security.
- If necessary, revert to an earlier version of SSL or TLS security.
An invocation example
chsecurity -sslprotocol 3
The resulting output:
Changing the security level could disable the GUI connection. If this
happens use the CLI prompt to change to a known good level. Are you
sure you wish to continue? (y/yes to confirm)