Go to main content

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Exit Print View

» ...Documentation Home » Oracle ZFS Storage Appliance, Release OS8.7.x ... » Oracle^® ZFS Storage Appliance ... » Configuring the Appliance » Configuring SSL/TLS Versions and Ciphers » Configuring SSL/TLS (CLI)

Updated: November 2018

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Document Information

About Oracle ZFS Storage Appliance

Configuring the Appliance

Initial Appliance Configuration

Appliance Cluster Configuration

Cluster Configuration BUI View

Upgrading a Standalone Appliance to a Clustered Configuration (BUI)

Shutting Down a Clustered Configuration (BUI)

Shutting Down a Clustered Configuration (CLI)

Cluster Terminology

Understanding Clustering

Cluster Advantages and Disadvantages

Cluster Interconnect I/O

Cluster Resource Management

Cluster Takeover and Failback

Configuration Changes in a Clustered Environment

Clustering Considerations for Storage

Clustering Considerations for Networking

Private Local IP Interfaces

Clustering Considerations for InfiniBand

Preventing Split-Brain Conditions

Estimating and Reducing Takeover Impact

Network Configuration

Network Configuration (BUI)

Network Configuration (CLI)

Working with Network Configuration

Configuring Management Interfaces

Configuring Network Datalinks

Configuring Network Interfaces

Configuring Network IP MultiPathing (IPMP)

Configuring Network Performance and Availability

Configuring Network Routing

Configuring Storage

Creating a Storage Pool (BUI)

Creating a Storage Pool (CLI)

Importing an Existing Storage Pool (BUI)

Importing an Existing Storage Pool (CLI)

Configuring an All-Flash Storage Pool (BUI)

Configuring an All-Flash Storage Pool (CLI)

Adding a Disk Shelf to an Existing Storage Pool (BUI)

Adding a Disk Shelf to an Existing Storage Pool (CLI)

Adding a Cache, Meta, or Log Device to an Existing Storage Pool (BUI)

Adding a Cache, Meta, or Log Device to an Existing Storage Pool (CLI)

Removing a Cache or Log Device from an Existing Storage Pool (BUI)

Removing a Cache or Log Device from an Existing Storage Pool (CLI)

Unconfiguring a Storage Pool (BUI)

Unconfiguring a Storage Pool (CLI)

Renaming a Storage Pool (BUI)

Renaming a Storage Pool (CLI)

Scrubbing a Storage Pool (BUI)

Scrubbing a Storage Pool (CLI)

Viewing Pool and Device Status (BUI)

Storage Pool Concepts

Data Profiles for Storage Pools

Understanding the Appliance Status

Status Dashboard

Summary of Pool Usage

Summary of Memory Usage

Disk Activity Dashboard

Running the Dashboard Continuously

Status Dashboard Settings

Changing the Displayed Activity Statistics

Changing the Activity Thresholds

Configuring Storage Area Network (SAN)

Configuring FC Port Modes (BUI)

Discovering FC Ports (BUI)

Creating FC Initiator Groups (BUI)

Associating a LUN with an FC Initiator Group (BUI)

Changing FC Port Modes (CLI)

Discovering FC Ports (CLI)

Creating FC Initiator Groups (CLI)

Associating a LUN with an FC Initiator Group (CLI)

Scripting Aliases for Initiators and Initiator Groups (CLI)

Creating an Analytics Worksheet (BUI)

Configuring SAN iSER Targets

Adding an iSCSI Target with an Auto-generated IQN (CLI)

Adding an iSCSI Target with a Specific IQN and RADIUS Authentication (CLI)

Adding an iSCSI Initiator with CHAP Authentication (CLI)

Adding an iSCSI Target Group (CLI)

Adding an iSCSI Initiator Group (CLI)

Configuring SRP Target (BUI)

Configuring SRP Targets (CLI)

Understanding SAN

SAN Fibre Channel Configuration

SAN iSCSI Configuration

SAN iSCSI Initiator Configuration

SAN SRP Configuration

SAN Terminology

Configuring Users

Adding an Administrator or User (BUI)

Adding an Administrator or User (CLI)

Changing a User Password (BUI)

Changing a User Password (CLI)

Editing Exceptions for a User (BUI)

Editing Exceptions for a User (CLI)

Deleting Exceptions for a User (BUI)

Deleting Exceptions for a User (CLI)

Adding a Role (BUI)

Adding a Role (CLI)

Editing Authorizations for a Role (BUI)

Editing Authorizations for a Role (CLI)

Deleting Authorizations from a Role (BUI)

Deleting Authorizations from a Role (CLI)

Adding a User Who Can View the Dashboard

Viewing the Logged-in User

Understanding Users and Roles

User Authorizations

Managing User Properties

Setting Appliance Preferences

Setting Preferences (BUI)

Setting Preferences (CLI)

Setting SSH Public Keys (BUI)

Setting SSH Public Keys (CLI)

Preference Properties

Configuring Alerts

Adding an Alert Action (BUI)

Adding an Alert Action (CLI)

Sending Email Alerts (CLI)

Sending an SNMP Trap (CLI)

Alert Categories

Threshold Alerts

Resuming/Suspending Analytics Datasets and Worksheets

Configuring Certificates

Creating a New Server Certificate (BUI)

Creating a New Server Certificate (CLI)

Uploading CA Certificates from Non-root CAs (BUI)

Uploading CA Certificates from Non-root CAs (CLI)

Viewing CSR and Certificate Details (BUI)

Viewing CSR and Certificate Details (CLI)

Destroying a CSR or Certificate (BUI)

Destroying a CSR or Certificate (CLI)

Setting the Appliance Certificate (BUI)

Setting the Appliance Certificate (CLI)

Uploading Trusted Certificates (BUI)

Uploading Trusted Certificates (CLI)

Viewing Trusted Certificate Details (BUI)

Viewing Trusted Certificate Details (CLI)

Destroying a Trusted Certificate (BUI)

Destroying a Trusted Certificate (CLI)

Assigning a Certificate to a Service (BUI)

Assigning a Certificate to a Service (CLI)

HTTP Strict Transport Security

Enabling HTTP Strict Transport Security (BUI)

Enabling HTTP Strict Transport Security (CLI)

Configuring SSL/TLS Versions and Ciphers

Configuring SSL/TLS (BUI)

Configuring SSL/TLS (CLI)

Appliance Services

Shares and Projects

Shadow Migration

Snapshots and Clones

Remote Replication

Data Encryption

Maintenance Workflows

Language:

Configuring SSL/TLS (CLI)

To configure SSL/TLS versions and ciphers, use the following steps. The versions and at least one of the ciphers must be identical on all appliances that communicate with each other.

Go to configuration settings peer and enter ls to list the SSL/TLS versions and ciphers.
The list of ciphers varies per the versions selected.

Enter the SSL/TLS versions using command set tls_version and the version name.

hostname:configuration settings peer> set tls_version=TLSv1.2
                tls_version = TLSv1.2 (uncommitted)

Enter the ciphers using command set ciphers and the cipher names, separated by commas.

hostname:configuration settings peer> set 
ciphers=AES128-GCM-SHA256,ECDH-ECDSA-AES128-GCM-SHA256
                ciphers = 
AES128-GCM-SHA256,ECDH-ECDSA-AES128-GCM-SHA256 (uncommitted)

Enter commit. To view the versions and ciphers, enter show.

hostname:configuration settings peer> commit
hostname:configuration settings peer> show
Properties:
                tls_version = TLSv1.2
                    ciphers =
AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256
hostname:configuration settings peer>

Copyright © 2009, 2018, Oracle and/or its affiliates. All rights reserved.