Disabling SSL protocol versions for the SSL server
About disabling SSL protocol versions for the SSL server
To enhance system security, you can prevent the SSL server from using specific SSL protocol versions (SSL 3.0, TLS 1.0, and TLS 1.1) for session negotiation.
Restrictions and guidelines
Disabling an SSL protocol version does not affect the availability of earlier SSL protocol versions. For example, if you execute the ssl version tls1.1 disable command, TLS 1.1 is disabled but TLS 1.0 is still available for the SSL server.
Procedure
Enter system view.
system-view
Disable SSL protocol versions for the SSL server.
In non-FIPS mode:
ssl version { ssl3.0 | tls1.0 | tls1.1 } * disable
By default, the SSL server supports SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.
In FIPS mode:
ssl version { tls1.0 | tls1.1 } * disable
By default, the SSL server supports TLS 1.0, TLS 1.1, and TLS 1.2.
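The following audit script is an added example, not part of the original documentation or vendor code. It applies the rule from the restrictions above (each version is disabled independently) to saved configuration text and reports which legacy versions the SSL server would still offer. It assumes the saved configuration stores the command in the same form as it is entered; the function names and sample configurations are constructed for illustration.

```python
import re

# Defaults and disable keywords per mode, as stated in the procedure above.
DEFAULTS = {
    "non-fips": ["ssl3.0", "tls1.0", "tls1.1", "tls1.2"],
    "fips": ["tls1.0", "tls1.1", "tls1.2"],
}
DISABLEABLE = {
    "non-fips": {"ssl3.0", "tls1.0", "tls1.1"},
    "fips": {"tls1.0", "tls1.1"},
}
# Assumption: config lines look like "ssl version <keyword> [<keyword>...] disable".
CMD = re.compile(r"^\s*ssl\s+version\s+(.+?)\s+disable\s*$")


def enabled_versions(config_text, mode="non-fips"):
    """Return (enabled, rejected): versions still offered, keywords invalid in this mode."""
    enabled = list(DEFAULTS[mode])
    rejected = []
    for line in config_text.splitlines():
        m = CMD.match(line)
        if not m:
            continue
        for kw in m.group(1).split():
            if kw not in DISABLEABLE[mode]:
                rejected.append(kw)   # e.g. ssl3.0 is not a keyword in FIPS mode
            elif kw in enabled:
                enabled.remove(kw)    # only the named version is removed
    return enabled, rejected


def legacy_still_enabled(config_text, mode="non-fips"):
    """Versions older than TLS 1.2 that remain available for negotiation."""
    enabled, _ = enabled_versions(config_text, mode)
    return [v for v in enabled if v != "tls1.2"]


# Constructed sample configurations (not taken from a real device).
SAMPLE_PARTIAL = "sysname Constructed\nssl version tls1.1 disable\n"
SAMPLE_FULL = "sysname Constructed\nssl version ssl3.0 tls1.0 tls1.1 disable\n"

if __name__ == "__main__":
    for name, cfg in (("partial", SAMPLE_PARTIAL), ("full", SAMPLE_FULL)):
        print(name, "legacy versions still enabled:", legacy_still_enabled(cfg))
```

The partial sample shows the case called out in the restrictions: disabling only TLS 1.1 leaves SSL 3.0 and TLS 1.0 available.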