Can SX6036 switches be configured to use TLS 1.2 only on the management port, and if so, how?

I manage multiple systems that include SX6036 switches. The client uses Qualys to scan for security vulnerabilities, and it’s reporting that the IB Switches are using SSL and / or TLS 1.0 / 1.1.

Can these switches be configured to use TLS 1.2 only on the management port, and if so, how do I set that?

Note - the switches' FW is at 3.6.6003, and cannot be changed (due to MRA restrictions).

Thanks.

Hi,

You can use “config# web https ssl ciphers TLS1.2”

```
gso-sx6036 [standalone: master] (config) # show web
Web User Interface:
Web interface enabled: yes
Web caching enabled: no
HTTP enabled: yes
HTTP port: 80
HTTP redirect to HTTPS: yes
HTTPS enabled: yes
HTTPS port: 443
HTTPS ssl-ciphers: all
HTTPS ssl-renegotiation: yes
HTTPS ssl-secure-cookie: no
HTTPS certificate name: sf579469-3072
Listen enabled: yes
Listen Interfaces:
No interface configured.
Inactivity timeout: 1 hr
Session timeout: 2 hr 30 min
Session renewal: 30 min
Web file transfer proxy:
Proxy enabled: no
Web file transfer certificate authority:
HTTPS server cert verify: yes
HTTPS supplemental CA list: default-ca-list

gso-sx6036 [standalone: master] (config) # web https ssl ciphers ?
SSL mode used for HTTPS
all     Use all ciphers
TLS     Use only TLS ciphers
TLS1.2  Use only TLS1.2 ciphers

gso-sx6036 [standalone: master] (config) # web https ssl ciphers TLS1.2
gso-sx6036 [standalone: master] (config) #
gso-sx6036 [standalone: master] (config) # show web
Web User Interface:
Web interface enabled: yes
Web caching enabled: no
HTTP enabled: yes
HTTP port: 80
HTTP redirect to HTTPS: yes
HTTPS enabled: yes
HTTPS port: 443
HTTPS ssl-ciphers: TLS1.2
HTTPS ssl-renegotiation: yes
HTTPS ssl-secure-cookie: no
HTTPS certificate name: sf579469-3072
Listen enabled: yes
Listen Interfaces:
No interface configured.
Inactivity timeout: 1 hr
Session timeout: 2 hr 30 min
Session renewal: 30 min
Web file transfer proxy:
Proxy enabled: no
Web file transfer certificate authority:
HTTPS server cert verify: yes
HTTPS supplemental CA list: default-ca-list
gso-sx6036 [standalone: master] (config) #
```
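
With several switches to cover, the `show web` output shown in the answer can be checked mechanically from saved CLI captures. This is an added example, not part of the original posts or any vendor tooling; the host names `sw-a` and `sw-b`, the sample capture, and the `REQUIRED` policy are constructed for illustration.

```python
import re

# Assumed policy for this example: the one setting changed in the thread.
REQUIRED = {"HTTPS ssl-ciphers": "TLS1.2"}
# Prompt shape as it appears in the thread: "<host> [<role>] (config) # <cmd>"
PROMPT = re.compile(r"^(?P<host>\S+) \[[^\]]*\] \(config\) # ?(?P<cmd>.*)$")

# Constructed capture: sw-a is fixed mid-session, sw-b is still on "all".
SAMPLE = """\
sw-a [standalone: master] (config) # show web
Web User Interface:
HTTPS ssl-ciphers: all
sw-a [standalone: master] (config) # web https ssl ciphers TLS1.2
sw-a [standalone: master] (config) # show web
Web User Interface:
HTTPS ssl-ciphers: TLS1.2
sw-b [standalone: master] (config) # show web
Web User Interface:
HTTPS ssl-ciphers: all
"""

def parse_show_web(capture):
    """Return {host: {setting: value}}; a later 'show web' replaces an earlier one."""
    hosts, current = {}, None
    for raw in capture.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            # Only output that follows a 'show web' command is collected.
            current = None
            if m.group("cmd").strip() == "show web":
                current = hosts[m.group("host")] = {}
            continue
        if current is None or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():  # skip section headers such as "Web User Interface:"
            current[key.strip()] = value.strip()
    return hosts

def audit(capture, required=REQUIRED):
    """List (host, setting, found, wanted) for every deviation from policy."""
    findings = []
    for host, settings in sorted(parse_show_web(capture).items()):
        for key, wanted in required.items():
            found = settings.get(key, "<missing>")
            if found != wanted:
                findings.append((host, key, found, wanted))
    return findings
```

This checks the configured value only; a re-scan of the management port confirms what it actually negotiates.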