Changing TLS protocols
To change the TLS protocol version, use the following CLI command in CONFIG mode:
httpd protocol protocol-list
You can configure the following TLS versions:
•TLSv1
•TLSv1.1
•TLSv1.2.
Enter the versions as a comma-separated list. The updates will be applied to port 8443 and 9090 only. By default, TLSv1 is disabled and TLSv1.1 and TLSv1.2 are enabled on ports 8443 and 9090.
Example:
sentry/config# httpd protocol tlsv1.1,tlsv1.2
Changes will issue restart of httpd service and Sentry system service might be distrupted.
Would you like to proceed? [y/n]: y
sentry/config# do show httpd protocol
+--------+---------------------------
Port + TLS Protocols Enabled
+--------+---------------------------
8443 TLSv1.1,TLSv1.2
9090 TLSv1.1,TLSv1.2
sentry/config#