Changing SSL/TLS levels for the system using the CLI

Administrators can determine which client systems do not have sufficient security levels and either update them to the higher level or decrease the system security level until these systems are updated.

To change SSL/TLS settings by using the command-line interface, complete these steps:
  1. Enter chsecurity -sslprotocol security_level where security_level is one of the following values:
    Table 1. Supported SSL/TLS security levels.

    Supported SSL/TLS security levels
    Security level Description Minimum security allowed
    1 Sets the system to disallow SSL version 3.0. TLS 1.0
    2 Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1. TLS 1.2
    3 Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1 and to allow cipher suites that are exclusive to TLS version 1.2. TLS 1.2
    Note: Users might lose the connection to the management GUI when the security level is changed. If you loose the connection, use the CLI to decrease the security level to a lower setting.
Parent topic: Managing security