Use TLS instead of SSL legacy with XenServer.

How to disable SSL legacy when TLS is in place.


Security

With this release, XenServer will accept connections using the TLS 1.2 security protocol. If required, you can mandate that XenServer only accepts connections using TLS 1.2, and not allow earlier versions.

Customers can mandate the use of TLS 1.2 and disable earlier versions by doing one of the following:

1. In XenCenter, in the Pool Properties dialog, go to Security, and select the checkbox TLS 1.2 only

2. On the xe command line enter: xe pool-disable-ssl-legacy

Note: Before switching the security protocol to accept communication over TLS 1.2 only, you MUST ensure that any appliances (including third-party appliances) that communicate with the XenServer pool are compatible with TLS 1.2.

If you are writing a client program that communicates with XenServer using an SDK, or updating an existing client program to communicate with XenServer 7.0, and would like to use TLS 1.2, you may need certain minimum versions of your libraries, or need to insert extra lines in your program.

C#

C# requires at least .NET v4.5 and Visual Studio 2013. By default, .NET 4.5 will not connect using TLS 1.2; to use TLS 1.2 you will need to add the following line at the start of your program:

To restrict connections to hosts using TLS 1.2:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Or, to connect to hosts using any version of TLS:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

PowerShell

PowerShell requires at least .NET 4.5 and PowerShell 4. To use TLS 1.2 you will need to add the following line at the start of your program:

To restrict connections to hosts using TLS 1.2:

[Net.ServicePointManager]::SecurityProtocol = 'tls12'

Or, to connect to hosts using any version of TLS:

[Net.ServicePointManager]::SecurityProtocol = 'tls,tls11,tls12'

Java

In order to use TLS v1.2 by default, you will need to use Java 8.

C and Python

C and Python require OpenSSL v1.0.1 or higher
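
A pre-flight check for a Python client, added here as an example and not taken from the XenServer documentation: run on the machine where the client lives, it confirms the local OpenSSL meets the 1.0.1 minimum, builds a TLS 1.2-only client context with certificate checks left on, and classifies the result of a TLS 1.2 handshake against a host. The function names, result strings, script name and default port 443 are assumptions of this example.

```python
import socket
import ssl
import sys

MIN_OPENSSL = (1, 0, 1)  # minimum OpenSSL version the page gives for C and Python


def local_tls12_capable():
    """True if the OpenSSL this interpreter is linked against can speak TLS 1.2."""
    return ssl.OPENSSL_VERSION_INFO[:3] >= MIN_OPENSSL and ssl.HAS_TLSv1_2


def tls12_only_context(cafile=None):
    """Client context that offers TLS 1.2 only and keeps certificate checks on."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_tls12(host, port=443, cafile=None, timeout=5.0):
    """Attempt a TLS 1.2-only handshake and classify the outcome."""
    ctx = tls12_only_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls12-ok"
    except ssl.SSLCertVerificationError:
        # The peer answered at TLS 1.2, but its certificate did not validate
        # against cafile (or the system trust store) or did not match host.
        return "tls12-ok-cert-untrusted"
    except ssl.SSLError:
        # Protocol-level failure: no common version, or the peer is not TLS.
        return "handshake-failed"
    except OSError:
        # Connection refused, timed out, or reset before any TLS answer.
        return "unreachable"


if __name__ == "__main__":
    # Usage: python check_tls12.py <host> [cafile]; the script name is an assumption.
    if not local_tls12_capable():
        sys.exit("local OpenSSL too old for TLS 1.2: " + ssl.OPENSSL_VERSION)
    target = sys.argv[1]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(target, probe_tls12(target, cafile=ca))
```

A result of "tls12-ok-cert-untrusted" means the protocol requirement is met and the remaining work is supplying the host's certificate or CA through the cafile argument.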
