Configuring SSL/TLS Versions and Ciphers
This section describes how to configure SSL/TLS protocol versions and ciphers that Oracle ZFS Storage Appliance uses to communicate with peer systems.
Caution:
To avoid service unavailability, keep the default settings unless otherwise needed or as instructed by Oracle Support.
SSL/TLS ciphers are algorithms used to encrypt and decrypt data as it is transmitted across the network. Configure the SSL/TLS versions and ciphers according to your site's security requirements. Ensure that the source and target systems are configured to support overlapping values.
As of software release OS8.8.67, TLSv1.0 and TLSv1.1 are not supported.
Starting with the OS8.8.69 release, TLS versions 1.2 and 1.3 are supported. The TLS 1.3 ciphers are separate from TLS 1.2 ciphers. If you enable TLS 1.2, you must enable at least one TLS 1.2 cipher. If you enable TLS 1.3, you must enable at least one TLS 1.3 cipher.
Future Oracle ZFS Storage Appliance releases might drop support for older versions and ciphers. Systems that run older firmware might not support newer versions and ciphers. For two systems to communicate, they must share at least one version and at least one cipher. In particular, if one system supports only TLSv1.2, all systems must be configured to allow TLSv1.2.
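The following added example (not Oracle code) checks the rules above for a planned source and target configuration before the settings are changed: every enabled version needs a cipher of its own, and because TLS 1.2 and TLS 1.3 ciphers are separate, a shared cipher only counts under a version that both systems enable. The dictionary layout, function names, and cipher names are assumptions constructed for illustration, not the appliance's property names or cipher list.

```python
# Added example: config layout and cipher names are constructed samples,
# not the appliance's property names or its shipped cipher list.

def config_errors(cfg):
    """Return rule violations for one system's {version: set_of_ciphers} map."""
    errors = []
    if not cfg:
        errors.append("no TLS version enabled")
    for version, ciphers in cfg.items():
        if not ciphers:
            errors.append(f"{version} enabled but no {version} cipher enabled")
    return errors

def common_ground(a, b):
    """Return {version: shared ciphers} for versions both sides can negotiate.

    TLS 1.2 and TLS 1.3 ciphers are separate, so a shared cipher only
    counts when it is enabled under a version that both systems enable.
    """
    shared = {}
    for version in a.keys() & b.keys():
        ciphers = a[version] & b[version]
        if ciphers:
            shared[version] = ciphers
    return shared

def can_communicate(a, b):
    """True when both configs are valid and share a version with a cipher."""
    return not config_errors(a) and not config_errors(b) and bool(common_ground(a, b))

# Constructed sample configurations.
SOURCE = {
    "TLSv1.2": {"ECDHE-RSA-AES256-GCM-SHA384"},
    "TLSv1.3": {"TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"},
}
# Older peer: TLSv1.2 only, overlapping cipher.
TARGET_OLD = {"TLSv1.2": {"ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"}}
# Shares the version but no cipher under it.
TARGET_MISMATCH = {"TLSv1.2": {"ECDHE-RSA-AES128-GCM-SHA256"}}
# TLSv1.2 enabled with no TLSv1.2 cipher: invalid on its own.
TARGET_BROKEN = {"TLSv1.2": set(), "TLSv1.3": {"TLS_AES_256_GCM_SHA384"}}

if __name__ == "__main__":
    for name, target in [("old", TARGET_OLD), ("mismatch", TARGET_MISMATCH),
                         ("broken", TARGET_BROKEN)]:
        print(name, config_errors(target), common_ground(SOURCE, target),
              can_communicate(SOURCE, target))
```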
To configure SSL/TLS, use the following tasks: