
security version

Function

The security version command specifies SSL protocols that the FW supports.

The undo security version command restores the default setting. By default, the FW supports TLS 1.2.

Format

security version { { tlsv1 | tlsv1.1 | tlsv1.2 } * | all }

undo security version

Parameters

| Parameter | Description | Value |
|-----------|-------------|-------|
| tlsv1 | Supports TLS1.0 protocol. | - |
| tlsv1.1 | Supports TLS1.1 protocol. | - |
| tlsv1.2 | Supports TLS1.2 protocol. | - |
| all | Supports TLS1.0, TLS1.1, and TLS1.2. | - |

Views

API view

Default Level

3: Management level

Usage Guidelines

TLS1.0 and TLS1.1 have security risks. TLS1.2 and higher versions are recommended.

When the FW and a client communicate through RESTCONF, the FW functions as the server and provides services for the client. The SSL protocols and encryption algorithms that the server and client support must be consistent. During SSL negotiation, the first Hello packet that the client sends to the server lists all the SSL protocols and encryption algorithms that the client supports. The server then selects one SSL protocol and one encryption algorithm from that list. If the server does not support any of the protocols that the client supports, the SSL negotiation fails.
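The following added example (not Huawei code) audits a saved configuration for the TLS versions this command enables and models whether a given client can still negotiate. The configuration layout (an unindented `api` line followed by indented commands), the function names, and the rule that the newest shared version is chosen are assumptions.

```python
ORDER = ["tlsv1", "tlsv1.1", "tlsv1.2"]   # oldest to newest
WEAK = {"tlsv1", "tlsv1.1"}               # versions the usage guidelines warn about
DEFAULT = {"tlsv1.2"}                     # default stated in this command reference

def enabled_versions(config_text):
    """Return the TLS versions the api view enables (assumed config layout)."""
    versions, in_api = set(DEFAULT), False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):        # an unindented line opens a new view
            in_api = (line == "api")
        elif in_api and line == "undo security version":
            versions = set(DEFAULT)
        elif in_api and line.startswith("security version "):
            args = line.split()[2:]
            if args == ["all"]:
                versions = set(ORDER)
            elif set(args) <= set(ORDER):
                versions = set(args)
            else:
                raise ValueError(f"unrecognised argument in: {line!r}")
    return versions

def weak_versions(config_text):
    """Enabled versions that the usage guidelines describe as risky."""
    return [v for v in ORDER if v in enabled_versions(config_text) & WEAK]

def negotiate(server, client):
    """Shared version, or None when negotiation fails.
    Assumption: the server picks the newest version both sides support."""
    shared = [v for v in ORDER if v in server and v in client]
    return shared[-1] if shared else None

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
#
sysname FW
#
api
 security version tlsv1 tlsv1.2
#
"""

if __name__ == "__main__":
    print("enabled:", sorted(enabled_versions(SAMPLE)))
    print("weak:", weak_versions(SAMPLE))
    print("TLS1.2-only FW, legacy client:", negotiate(DEFAULT, {"tlsv1", "tlsv1.1"}))
```

A non-empty result from `weak_versions` means the configuration should be tightened to `security version tlsv1.2`; a `None` from `negotiate` identifies clients that must be upgraded before that change.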

Example

# Enable the FW to support TLS1.2.

<sysname> system-view
[sysname] api
[sysname-api] security version tlsv1.2
Copyright © Huawei Technologies Co., Ltd.