禁用 FIPS
如果您仍在运行较旧的系统配置并希望配置具有向后兼容性的 ONTAP,您可以在禁用 FIPS 时打开 SSLv3。
关于本任务
建议使用以下设置来禁用 FIPS:- FIPS = false
- SSL protocol = {SSLv3}
- SSL ciphers = {ALL:!LOW:!aNULL:!EXP:!eNULL}
- 更改为高级权限级别:set -privilege advanced
- 通过输入以下命令来禁用 FIPS:security config modify -interface SSL -supported-protocols SSLv3
- 在提示继续时,请输入 y
- 手动重新启动集群中的每个节点。
florawcluster-1::*> security config modify -interface SSL -supported-protocols SSLv3
Warning: Enabling the SSLv3 protocol may reduce the security of the interface,
and is not recommended.
Do you want to continue? {y|n}: y
Warning: When this command completes, reboot all nodes in the cluster. This is
necessary to prevent components from failing due to an inconsistent
security configuration state in the cluster. To avoid a service
outage, reboot one node at a time and wait for it to completely
initialize before rebooting the next node. Run "security config
status show" command to monitor the reboot status.
Do you want to continue? {y|n}: y
florawcluster-1::*> security config show
Cluster Cluster Security
Interface FIPS Mode Supported Protocols Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL false SSLv3 ALL:!LOW:!aNULL: yes
!EXP:!eNULL
提供反馈