What ONTAP ciphers are supported for KTLS

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 44

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9.13.1 and higher
KTLS
S3

Answer

ONTAP S3 supports the following protocols listed in the following:

Non-PSK-TLSv1.2
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256

PSK-TLSv1.2
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_256_GCM_SHA384
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_128_GCM_SHA256

TLSv1.3
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256

Cipher suites not listed in the above list are not officially supported with ONTAP S3.
Make sure at least one cipher suite from the above list below is configured.
Although other protocols may be configed with security config for use , they do not pose a security risk for Ontap S3 because the TLS connections will only use those listed.
These supported protocols were selected for the high degree of security and performance offloading capacity.

Additional Information

CONTAP-101905: Removal of the minimally required TLS cipher suites will adversely affect some applications