Go to main content

Oracle® ZFS Storage Appliance RESTful API 설명서, 릴리스 OS8.8.0

인쇄 보기 종료

업데이트 날짜: 2018년 11월
 
 

보안 프로토콜 및 암호화 설정

기본적으로 SSL/TLS 프로토콜 버전 TLSv1.1, TLSv1.2 및 연관된 암호화가 사용으로 설정되어 있습니다. TLSv1.0은 HTTPS 서비스로 PUT 요청을 전송하여 tls_version 등록 정보 설정을 통해 사용으로 설정할 수 있습니다.

요청 예:

PUT /api/service/v1/services/https HTTP/1.1
Host: zfs-storage.example.com
Content-Type: application/json

{ "tls_version":  ["TLSv1.0", "TLSv1.1", "TLSv1.2"] }

결과 예(가독성을 위해 인위적으로 줄바꿈이 설정됨):

HTTP/1.1 202 Accepted
Content-Length: 1265
X-Zfssa-Service-Api: 1.1
X-Zfssa-Api-Version: 1.0
Content-Type: application/json; charset=utf-8

{
"service": {
"href": "/api/service/v1/services/https",
"<status>": "online",
"tls_version": "TLSv1 TLSv1.1 TLSv1.2",
"ciphers": "SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:
DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-
RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-
SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-
SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-
CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-
SHA:CAMELLIA256-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-
CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-
SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:
DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:
DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-
SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-
3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:
DH-DSS-DES-CBC3-SHA:DES-CBC3-SHA"
}
}

TLSv1.0만 사용으로 설정하려면 ciphers 등록 정보를 TLSv1.0에 대해서만 사용 가능한 암호화 목록으로 설정합니다.

요청 예(가독성을 위해 인위적으로 줄바꿈이 설정됨):

PUT /api/service/v1/services/https HTTP/1.1
Host: zfs-storage.example.com
Content-Type: application/json

{
"tls_version":  ["TLSv1.0"] , 
"ciphers" : ["SRP-DSS-AES-256-CBC-SHA", "SRP-RSA-AES-256-CBC-SHA", "SRP-AES-256-CBC-SHA",
"DHE-RSA-AES256-SHA", "DHE-DSS-AES256-SHA", "DH-RSA-AES256-SHA", "DH-DSS-AES256-SHA",
"DHE-RSA-CAMELLIA256-SHA", "DHE-DSS-CAMELLIA256-SHA", "DH-RSA-CAMELLIA256-SHA",
"DH-DSS-CAMELLIA256-SHA", "AES256-SHA", "CAMELLIA256-SHA", "SRP-DSS-AES-128-CBC-SHA",
"SRP-RSA-AES-128-CBC-SHA", "SRP-AES-128-CBC-SHA", "DHE-RSA-AES128-SHA", "DHE-DSS-AES128-SHA",
"DH-RSA-AES128-SHA", "DH-DSS-AES128-SHA", "DHE-RSA-CAMELLIA128-SHA", "DHE-DSS-CAMELLIA128-SHA",
"DH-RSA-CAMELLIA128-SHA", "DH-DSS-CAMELLIA128-SHA", "AES128-SHA", "CAMELLIA128-SHA",
"SRP-DSS-3DES-EDE-CBC-SHA", "SRP-RSA-3DES-EDE-CBC-SHA", "SRP-3DES-EDE-CBC-SHA",
"EDH-RSA-DES-CBC3-SHA", "EDH-DSS-DES-CBC3-SHA", "DH-RSA-DES-CBC3-SHA", "DH-DSS-DES-CBC3-SHA",
"DES-CBC3-SHA"] 
}

결과 예(가독성을 위해 인위적으로 줄바꿈이 설정됨):

HTTP/1.1 202 Accepted
Content-Length: 809
X-Zfssa-Service-Api: 1.1
X-Zfssa-Api-Version: 1.0
Content-Type: application/json; charset=utf-8

{
"service": {
"href": "/api/service/v1/services/https",
"<status>": "online",
"tls_version": "TLSv1",
"ciphers": "SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-
CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-
SHA:AES256-SHA:CAMELLIA256-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-
AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-
AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:
DH-DSS-CAMELLIA128-SHA:AES128-SHA:CAMELLIA128-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-
3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-
RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:DES-CBC3-SHA"
}
}

주 -  RESTful API 또는 BUI 사용이 차단되지 않도록 하려면 오라클 고객지원센터의 요구 또는 지침이 없는 한 tls_versionciphers 등록 정보에 대한 기본 설정을 유지하십시오.