Hi All - There is a VMS CLI command to change the default minimum TLS version from 1.2 to 1.3 (Required for RPC over TLS). Is there a way to verify that change? What command can be used to verify 1.3?
From client you can run:
# Test TLS 1.2
openssl s_client -connect <example.com or cluster ipaddr>:443 -tls1_2
# Test TLS 1.3
openssl s_client -connect <example.com or cluster ipaddr>:443 -tls1_3
The response I am getting seems like 1.2 is still running and not 1.3.
Any help is appreciated!
Hi @billhill just checking with the team, will follow up soon.
@billhill still waiting to hear back, but I do not see a command to confirm the tls version only to modify tls version.
to clarify, running both commands for # Test TLS 1.2 and # Test TLS 1.3 works OR only 1.2 works?
Just taking a look, have you tried running something as follows:
openssl s_client -connect <host>:443 -tls1_3 -tlsextdebug 2>&1 | grep -i "TLS"
Hello @ram - Thank you for your help and response! I was able to get this working with the help of support. vtools was required to enable TLS 1.3. From there I was able to set default TLS to 1.3. Once this was accomplished, view policy that enforces TLS on NFS was created. Remaining steps were certificate creation and installing/configuring ktls-utils package on SLES.