Security requirements
The system contains many components that use SSL/TLS, both as clients and servers. The requirement to use only strong SSL/TLS ciphers applies to both.
OpenSSL and Java™ SSL on IBM Spectrum Virtualize are configured to provide unlimited strength encryption. However, before release 7.6.0.0, IBM Spectrum Virtualize Java SSL was in its default configuration, which supports only up to 128-bit encryption.
Table 1 defines the system settings for the different security levels. When you are configuring a new system, the default security level is 1.
| Security level | Description | Minimum security allowed |
|---|---|---|
| 1 | Sets the system to disallow SSL version 3.0. | TLS 1.0 |
| 2 | Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1. | TLS 1.2 |
| 3 | Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1 and to allow cipher suites that are exclusive to TLS version 1.2. | TLS 1.2 |
| 4 | Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1 and to allow cipher suites that are exclusive to TLS version 1.2. Also sets the system to disallow RSA key exchange ciphers and RSA ciphers for SSH. | TLS 1.2 |
Changing the setting for the SSL/TLS levels necessitates restarting services that use the protocols and causes existing sessions to be terminated. This action is desirable in that no session is left working on the old security level. It might take a few minutes for services to become usable again after you restart the services.
Note: Changing the system security level might cause the web interface, CIM clients, and other SSL/TLS clients to stop working. If any clients stop working, refer to the related tasks section for troubleshooting information.
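
One way to confirm from a client machine that a level change took effect, given as an added example that is not IBM's code: it pins one handshake to each protocol version and compares the outcome with Table 1. Port 443 and all function names are assumptions, and because levels 2 to 4 share the TLS 1.2 floor, this check cannot tell them apart.

```python
import socket
import ssl

# Minimum protocol per security level, copied from Table 1.
LEVEL_FLOOR = {1: "TLSv1", 2: "TLSv1.2", 3: "TLSv1.2", 4: "TLSv1.2"}
PROBES = [("TLSv1", ssl.TLSVersion.TLSv1),
          ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
          ("TLSv1.2", ssl.TLSVersion.TLSv1_2)]


def accepts(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake pinned to one version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only protocol support is tested here;
    ctx.verify_mode = ssl.CERT_NONE   # no application data is sent
    # Many local OpenSSL builds refuse TLS 1.0/1.1 unless the level is lowered,
    # which would make every old-protocol probe look "rejected".
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):
        return False


def check_level(level, results):
    """Compare {protocol: accepted} with Table 1; return (ok, findings)."""
    order = [name for name, _ in PROBES]
    floor = order.index(LEVEL_FLOOR[level])
    findings = [f"{name} accepted but level {level} requires "
                f"{LEVEL_FLOOR[level]} or later"
                for i, name in enumerate(order)
                if i < floor and results.get(name)]
    if not results.get("TLSv1.2"):
        findings.append("TLSv1.2 rejected: TLS 1.2 clients cannot connect")
    return (not findings, findings)


if __name__ == "__main__":
    import sys
    host, level = sys.argv[1], int(sys.argv[2])  # system address, expected level
    results = {n: accepts(host, 443, v) for n, v in PROBES}  # 443 is assumed
    ok, findings = check_level(level, results)
    print(results, "OK" if ok else findings)
```

Run it after the services have finished restarting; a probe made during the restart window reports every version as rejected.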