Manage HTTPS Settings

You can view and modify HTTPS service properties using these commands.

Note:

SSO configuration is part of the HTTPS service. For details, see Configure Single Sign-On for the BUI Login.

Example 16-1 List HTTPS Service Properties

Example Request:

GET /api/service/v2/services/https HTTP/1.1
Host: zfs-storage.example.com:215
X-Auth-Session: uerqghq84vbdmRFN2bY4xdxHHC56q4

Example Result:

{
    "service": {
        "href": "/api/service/v2/services/https",
        "<status>": "online",
        "tls_version": [
            "TLSv1.2",
            "TLSv1.3"
        ],
        "ciphers": [
            "TLS_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256",
            "ECDHE-ECDSA-AES128-GCM-SHA256",
            "ECDHE-ECDSA-AES256-GCM-SHA384",
            "ECDHE-RSA-AES128-GCM-SHA256",
            "ECDHE-RSA-AES256-GCM-SHA384"
        ],
        "permit_root_login": true,
        "session_timeout": 900,
        "hsts_enable": false,
        "hsts_max_age": 63072000
    }
}

Note:

Depending on the appliance configuration, the HTTPS service response can include additional properties and child resources, such as SSO properties, Service Provider registration metadata, and certificate resources.

Example 16-2 Configure SSL/TLS Versions and Ciphers

Example Request:

PUT /api/service/v2/services/https HTTP/1.1
Host: zfs-storage.example.com:215
Content-Type: application/json
X-Auth-Session: uerqghq84vbdmRFN2bY4xdxHHC56q4

{
    "tls_version": [
        "TLSv1.2"
    ],
    "ciphers": [
        "ECDHE-ECDSA-AES128-GCM-SHA256",
        "ECDHE-ECDSA-AES256-GCM-SHA384",
        "ECDHE-RSA-AES128-GCM-SHA256",
        "ECDHE-RSA-AES256-GCM-SHA384",
        "ECDHE-ECDSA-AES256-CCM",
        "ECDHE-ECDSA-AES128-CCM"
    ]
}

Example Result:

{
    "service": {
        "href": "/api/service/v2/services/https",
        "<status>": "online",
        "tls_version": [
            "TLSv1.2"
        ],
        "ciphers": [
            "ECDHE-ECDSA-AES128-GCM-SHA256",
            "ECDHE-ECDSA-AES256-GCM-SHA384",
            "ECDHE-RSA-AES128-GCM-SHA256",
            "ECDHE-RSA-AES256-GCM-SHA384",
            "ECDHE-ECDSA-AES256-CCM",
            "ECDHE-ECDSA-AES128-CCM"
        ],
        "permit_root_login": true,
        "session_timeout": 900,
        "hsts_enable": false,
        "hsts_max_age": 63072000
    }
}

Example 16-3 Configure Session Timeout

Example Request:

PUT /api/service/v1/services/https HTTP/1.1
Host: zfs-storage.example.com:215
Content-Type: application/json
X-Auth-Session: uerqghq84vbdmRFN2bY4xdxHHC56q4

{
    "session_timeout": 300
}

Example Result:

{
    "service": {
        "href": "/api/service/v1/services/https",
        "<status>": "online",
        "tls_version": "default",
        "permit_root_login": true,
        "session_timeout": 300,
        "hsts_enable": false,
        "hsts_max_age": 63072000
    }
}

Example 16-4 Configure HTTP Strict Transport Security

Example Request:

PUT /api/setting/v2/security HTTP/1.1
Host: zfs-storage.example.com:215
Content-Type: application/json
X-Auth-Session: uerqghq84vbdmRFN2bY4xdxHHC56q4

{
    "hsts_enable": true,
    "hsts_max_age": 63072000
}

Example Result:

{
    "security": {
        "href": "/api/setting/v2/security",
        "hsts_enable": true,
        "hsts_max_age": 63072000
    }
}
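
Added example (not part of the original documentation): a Python check that parses an HTTPS service response like the ones in Examples 16-1 and 16-3 and reports properties that fall outside a policy. The property names come from the responses above; the POLICY values, the cipher-name heuristics and the CONSTRUCTED sample are assumptions made for illustration.

```python
import json

# Assumed policy (not from the appliance documentation); adjust to local standards.
POLICY = {"allowed_tls": {"TLSv1.2", "TLSv1.3"},
          "max_session_timeout": 900,      # same unit as session_timeout
          "min_hsts_max_age": 31536000}
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # assumed heuristic on cipher names

def audit_https_service(response_text, policy=POLICY):
    """Return (property, message) findings for one HTTPS service response."""
    svc = json.loads(response_text)["service"]
    findings = []
    tls = svc.get("tls_version")
    if isinstance(tls, str):
        # Example 16-3 shows the string "default" in place of a list.
        findings.append(("tls_version", f"'{tls}' does not pin protocol versions"))
    else:
        findings += [("tls_version", f"{v} is outside policy")
                     for v in tls or [] if v not in policy["allowed_tls"]]
    for c in svc.get("ciphers", []):
        if c.startswith("TLS_"):
            continue  # TLS 1.3 suites: AEAD with ephemeral key exchange
        if not c.startswith(("ECDHE-", "DHE-")):
            findings.append(("ciphers", f"{c}: no forward secrecy"))
        if not any(m in c for m in AEAD_MARKERS):
            findings.append(("ciphers", f"{c}: not an AEAD suite"))
    if svc.get("permit_root_login"):
        findings.append(("permit_root_login", "root login is permitted"))
    if svc.get("session_timeout", 0) > policy["max_session_timeout"]:
        findings.append(("session_timeout", "session timeout exceeds policy"))
    if not svc.get("hsts_enable"):
        findings.append(("hsts_enable", "HSTS is disabled"))
    elif svc.get("hsts_max_age", 0) < policy["min_hsts_max_age"]:
        findings.append(("hsts_max_age", "HSTS max-age is below policy"))
    return findings

# Response body from Example 16-1 (cipher list shortened), then a constructed variant.
EXAMPLE_16_1 = """{"service": {"href": "/api/service/v2/services/https",
  "<status>": "online", "tls_version": ["TLSv1.2", "TLSv1.3"],
  "ciphers": ["TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384"],
  "permit_root_login": true, "session_timeout": 900,
  "hsts_enable": false, "hsts_max_age": 63072000}}"""
CONSTRUCTED = """{"service": {"tls_version": "default",
  "ciphers": ["AES256-SHA"], "permit_root_login": false,
  "session_timeout": 3600, "hsts_enable": true, "hsts_max_age": 300}}"""

if __name__ == "__main__":
    for name, body in (("Example 16-1", EXAMPLE_16_1), ("constructed", CONSTRUCTED)):
        for prop, msg in audit_https_service(body):
            print(f"{name}: {prop}: {msg}")
```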