Disabling FIPS
If you are still running an older system configuration and want to configure ONTAP with backward compatibility, you can turn on SSLv3 only when FIPS is disabled.
About this task
The following settings are recommended to disable FIPS:- FIPS = false
- SSL protocol = {SSLv3}
- SSL ciphers = {ALL:!LOW:!aNULL:!EXP:!eNULL}
- Change to advanced privilege level: set -privilege advanced
- Disable FIPS by typing: security config modify -interface SSL -supported-protocols SSLv3
- When prompted to continue, enter y
- Manually reboot each node in the cluster.
florawcluster-1::*> security config modify -interface SSL -supported-protocols SSLv3
Warning: Enabling the SSLv3 protocol may reduce the security of the interface,
and is not recommended.
Do you want to continue? {y|n}: y
Warning: When this command completes, reboot all nodes in the cluster. This is
necessary to prevent components from failing due to an inconsistent
security configuration state in the cluster. To avoid a service
outage, reboot one node at a time and wait for it to completely
initialize before rebooting the next node. Run "security config
status show" command to monitor the reboot status.
Do you want to continue? {y|n}: y
florawcluster-1::*> security config show
Cluster Cluster Security
Interface FIPS Mode Supported Protocols Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL false SSLv3 ALL:!LOW:!aNULL: yes
!EXP:!eNULL
Give documentation feedback