Go to main content

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Exit Print View

» ...Documentation Home » Oracle SuperCluster M8 and SuperCluster M7 ... » Oracle^® SuperCluster M8 and ... » Securing Oracle ILOM » Hardening the Oracle ILOM Security Configuration » Disable Unapproved TLS Protocols for HTTPS

Updated: June 2020

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Document Information

Using This Documentation

Understanding Security Principles

Reviewing the Default Security Configuration

Securing the Hardware

Securing Oracle ILOM

Log in to the Oracle ILOM CLI

Determine the Oracle ILOM Version

(If Required) Enable FIPS-140 Compliant Operation (Oracle ILOM)

Default Exposed Network Services (Oracle ILOM)

Hardening the Oracle ILOM Security Configuration

Disable Unnecessary Services (Oracle ILOM)

Configure HTTP Redirection to HTTPS (Oracle ILOM)

Disable Unapproved Protocols

Disable Unapproved TLS Protocols for HTTPS

Disable SSL Weak and Medium-Strength Ciphers for HTTPS

Disable Unapproved SNMP Protocols (Oracle ILOM)

Configure SNMP v1 and v2c Community Strings (Oracle ILOM)

Replace Default Self-Signed Certificates (Oracle ILOM)

Configure Administrative Browser Interface Inactivity Timeout

Configure the Administrative Interface Timeout (Oracle ILOM CLI)

Configure Login Warning Banners (Oracle ILOM)

Additional Oracle ILOM Resources

Securing the Compute Servers

Securing the ZFS Storage Appliance

Securing the Exadata Storage Servers

Securing the IB and Ethernet Switches

Auditing for Compliance

Keeping SuperCluster M8 and SuperCluster M7 Systems Secure

Language:

Disable Unapproved TLS Protocols for HTTPS

By default, the TLSv1.0, TLSv1.1, and TLSv1.2 protocols are enabled for the HTTPS service.

You can disable one or more TLS protocol versions that do not comply with your security policies.

For security purposes, use TLSv1.2 unless support for older versions of the TLS protocol is required.

On the management network, log in to Oracle ILOM.
See Log in to the Oracle ILOM CLI.

Determine the list of TLS protocol versions that are enabled for the HTTPS service.

-> show /SP/services/https tlsv1 tlsv1_1 tlsv1_2
/SP/services/https
Properties:
tlsv1 = enabled
tlsv1_1 = enabled
tlsv1_2 = enabled

Disable TLSv1.0.

-> set /SP/services/https tlsv1_0=disabled

Disable TLSv1.1.

-> set /SP/services/https tlsv1_1=disabled

Verify the setting by repeating Step 2.

Copyright © 2020, Oracle and/or its affiliates.