How to Disable TLS 1.0 and TLS 1.1 in ONTAP 9.9.1 and later
Applies to
- ONTAP 9.9.1 and later
- ONTAP Select
- MetroCluster
- ONTAP System Manager
- security config show
Description
The security config modify command modifies the existing cluster-wide security configuration.
- If you enable the FIPS-compliant mode, the cluster automatically selects supported TLS protocols TLSv1.3,TLSv1.2,TLSv1.1.
- Use the
-supported-protocols
parameter to include or exclude TLS protocols independently from FIPS mode. - By default, FIPS mode is disabled, and ONTAP supports the TLSv1.3, TLSv1.2, and TLSv1.1 protocols.
- Starting in 9.9.1, a reboot is no longer required to apply the security configuration.