Note that as part of ongoing enhancements to security, DDOS 6.1 and DDMC 6.1 (release numbering has been made the same starting with 6.1, so the next code family for DDMC after DDMC 2.0.1 is DDMC 6.1) have had TLS left as the only available security protocol, and while it supports versions 1.0 through 1.2, these releases force the use of algorithms only available for TLS 1.2 only. That makes it impossible for a DDMC 6.1 to communicate with managed DDOS 5.7.3.0 and earlier, despite that being allowed in the compatibility table. See DDMC 6.1 and later unable to manage DD running DDOS 5.7 earlier than 5.7.4.0 for more details.
DDMC 6.1 (which shares the version numbering and code base with DDOS 6.1) was supposedly able to manage and handle DDs running on any DDOS 5.7.x release.
However, it seems testing conducted did not include all possible DDOS 5.7.x versions, and it was later found out DDMC 6.1 was not able to manage remote DDs running DDOS 5.7.3.0 or earlier.
With DDMC 6.1 changes were made to the supported security algorithms used for communication, so that only TLS 1.2 was allowed. The reason for doing so is both SSL 3 as well as TLS 1.0 and TLS 1.1 are known to have weaknesses which could make it possible for an attacker to more easily than designed snoop into traffic.
rhatguy1
6 Posts
0
January 26th, 2017 18:00
Thanks...can TLS 1.0 and TLS 1.1 be completely disabled or are they disabled by default in 5.7.3 onward?
rhatguy1
6 Posts
0
February 1st, 2017 05:00
Anyone know if TLS 1.0 and TLS 1.1 can be completely disabled on a DataDomain with recent code?
dan3413
1 Rookie
•
8 Posts
0
March 15th, 2018 11:00
Did anyone get an answer to this? Due to PCI requirements I need the ability to disable TLS 1.0
rhatguy1
6 Posts
0
March 16th, 2018 06:00
Check the following two pages. They contain some information which seems to indicate that version 6.1 removed support for TLS1.0
https://support.emc.com/kb/334618
Note that as part of ongoing enhancements to security, DDOS 6.1 and DDMC 6.1 (release numbering has been made the same starting with 6.1, so the next code family for DDMC after DDMC 2.0.1 is DDMC 6.1) have had TLS left as the only available security protocol, and while it supports versions 1.0 through 1.2, these releases force the use of algorithms only available for TLS 1.2 only. That makes it impossible for a DDMC 6.1 to communicate with managed DDOS 5.7.3.0 and earlier, despite that being allowed in the compatibility table. See DDMC 6.1 and later unable to manage DD running DDOS 5.7 earlier than 5.7.4.0 for more details.
https://support.emc.com/kb/518510
DDMC 6.1 (which shares the version numbering and code base with DDOS 6.1) was supposedly able to manage and handle DDs running on any DDOS 5.7.x release.
However, it seems testing conducted did not include all possible DDOS 5.7.x versions, and it was later found out DDMC 6.1 was not able to manage remote DDs running DDOS 5.7.3.0 or earlier.
With DDMC 6.1 changes were made to the supported security algorithms used for communication, so that only TLS 1.2 was allowed. The reason for doing so is both SSL 3 as well as TLS 1.0 and TLS 1.1 are known to have weaknesses which could make it possible for an attacker to more easily than designed snoop into traffic.
rugby01
85 Posts
0
March 16th, 2018 06:00
DDOS 6.1 uses TLS 1.2, upgrade and your fine
dan3413
1 Rookie
•
8 Posts
0
March 16th, 2018 06:00
Thanks! So if we goto 6.1 does it then disable TLS 1.0 and 1.1? We are currently running 6.0.2.0 - so thats not too far away
kevinstanford
7 Posts
0
June 27th, 2018 09:00
we too are running 6.0.2.0 .. can this disable TLS1.0? or do we need to upgrade?
dan3413
1 Rookie
•
8 Posts
0
June 27th, 2018 09:00
6.1 is required to disable TLS 1.0
dan3413
1 Rookie
•
8 Posts
0
October 22nd, 2018 11:00
Does anyone know how to disable TLS 1.0 on vProxy? I know that vProxy runs on top of SuSe Linux - but have no idea how to fix this at the OS level.
sharmp33
1 Message
0
March 29th, 2021 22:00
In DDOS 6.x and later, by default system uses Transport Layer Security (TLS) 1.2 version. TLS 1.0 and 1.1 can be disabled manually.