Instructions
Facts:
Unity 4.3 and later
Disabling TLS 1.0 is not available on Unity Operating Environment 4.2.1 or earlier.
Procedure:
This procedure is run using UEMCLI as the service user.
Note: Instructions for using UEMCLI are in article Dell Unity: How to use Unisphere CLI (UEMCLI) commands.
Note: UEMCLI clients 5.0.2 and earlier do not support TLSv1.2. If TLSv1.1 is disabled on Unity, the old UEMCLI clients cannot connect with Unity. Upgrade to UEMCLI client version 5.0.3 or later to ensure support for TLSv1.2.
If FIPS PUB 140-2 compliance is enabled, Unity uses TLS v1, TLS v1.1, and TLS v1.2 with communication only through Federal compliant ciphers.
Disable TLS 1.0 on Unity OE 5.1 and later arrays using the steps below.
- Show the current settings with the command:
uemcli -u admin -password <Your Password> /sys/security show
- Disable TLS 1.0 with the command:
uemcli -u admin -password <Your Password> /sys/security set -tlsMode TLSv1.1
Alternatively, you can disable TLS 1.0 and 1.1 by setting -tlsMode TLSv1.2.
uemcli -u admin -password <Your Password> /sys/security set -tlsMode TLSv1.2
If the array is running OE 4.3 to 5.0, disable TLS 1.0 using the steps below:
- Show the current settings with the command:
uemcli -u admin -password <Your Password> /sys/security show
- Disable TLS 1.0 with the command:
uemcli -u admin -password <Your Password> /sys/security set -tls1Enabled no
Example for the above commands:
XXXXX spb:~> uemcli -u admin -password Password1234# /sys/security show
Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection

1: FIPS 140 mode = disabled
   TLS mode = TLSv1.0 and above
   Restricted shell mode = enabled

XXXXXspb:~> uemcli -u admin -password Password1234# /sys/security set -tlsMode TLSv1.1
Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection

Please refer to the Security Configuration Guide for backward compatibility.
This change may impact running operations (e.g. replication) and the management services will be automatically restarted for the change to take effect.
Do you want to continue?
yes / no: yes
Operation completed successfully.

XXXXXspb:~> uemcli -u admin -password Password1234# /sys/security show
Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection

1: FIPS 140 mode = disabled
   TLS mode = TLSv1.1 and above
   Restricted shell mode = enabled
If the user password contains special characters, use the commands below. When prompted for the password, enter the user password with special characters:
uemcli -u admin -securepassword /sys/security show
uemcli -u admin -securepassword /sys/security set -tlsMode TLSv1.2
Additional information:
- This procedure restarts the management server. You must wait until you can run the show command again (and log in to Unisphere).
- This change may impact running operations which use management servers (for example, replication).
- If you are unable to log in to Unisphere with an LDAP user after disabling TLS 1.0, see article Dell Unity: Unisphere UI fails to log in as LDAP User with error "The logged in user is not authorized to access Unisphere" when TLS1.0 is disabled at LDAP Server [Dell Correctable].
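Once the management services are back and the show command runs again, the "TLS mode" line of its output can be checked by script against the required minimum version. The following is an added example, not Dell code: check_tls_floor is a hypothetical helper name, and the sample text is the example output from this article reflowed one field per line. It only recognises the "TLS mode = TLSvX.Y" field shown in that output and reports UNKNOWN for anything else rather than passing.

```shell
#!/bin/sh
# Added example (not Dell code): audit the TLS floor in "/sys/security show" output.
# check_tls_floor is a hypothetical helper name.
# Usage: <show output> | check_tls_floor REQUIRED_MIN     e.g. 1.1 or 1.2
# Prints PASS <ver>, FAIL <ver> or UNKNOWN; returns 0, 1 or 2 respectively.
check_tls_floor() {
    awk -v req="$1" '
        # Line format from the example output: "TLS mode = TLSv1.1 and above"
        /TLS mode[ \t]*=/ {
            v = $0
            # Only accept the line if the value really starts with "TLSv".
            if (sub(/.*TLS mode[ \t]*=[ \t]*TLSv/, "", v)) {
                sub(/[^0-9.].*$/, "", v)   # drop " and above" or any other trailer
                found = v
            }
        }
        END {
            # Fail closed: no recognisable field means the floor was not verified.
            if (found == "") { print "UNKNOWN"; exit 2 }
            if (found + 0 >= req + 0) { print "PASS " found; exit 0 }
            print "FAIL " found; exit 1
        }'
}

# Sample input: the example output from this article, reflowed one field per line.
SAMPLE_BEFORE='Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection

1: FIPS 140 mode = disabled
   TLS mode = TLSv1.0 and above
   Restricted shell mode = enabled'

SAMPLE_AFTER='Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection

1: FIPS 140 mode = disabled
   TLS mode = TLSv1.1 and above
   Restricted shell mode = enabled'

printf '%s\n' "$SAMPLE_BEFORE" | check_tls_floor 1.1 || true   # FAIL 1.0
printf '%s\n' "$SAMPLE_AFTER"  | check_tls_floor 1.1 || true   # PASS 1.1
```

The non-zero return codes let a scheduled audit job flag an array whose floor is below policy or whose output could not be parsed.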
Affected Products
Dell EMC Unity Family