Viewing the SSL Options section, SSL Options section components – HP Secure Key Manager User Manual


IMPORTANT:

Some web browsers, including Internet Explorer 6.0, do not have TLS 1.0 enabled by default. If you
disable SSL 2.0 and 3.0, please check first that your browser has TLS 1.0 enabled. (In Internet Explorer,
select Internet Options from the Tools menu, click the Advanced tab, scroll down to the Security section,
and make sure the "Use TLS 1.0" checkbox is checked.)

Figure 98 Viewing the SSL Options section

NOTE:

Changes to the SSL Options cause the KMS Server to restart, which takes the KMS offline for a few
seconds.

The following table describes the components of the SSL Options section.

Table 79 SSL Options section components

Component: Allowed Protocols

Description: The Allowed Protocols field allows you to specify which versions of SSL and TLS are
enabled on the SKM. The supported protocols are:

SSL 2.0 (Secure Sockets Layer version 2.0): This protocol is disabled by default
because it has many known security vulnerabilities. We strongly recommend that
you not enable this protocol.

SSL 3.0 (Secure Sockets Layer version 3.0).

TLS 1.0 (Transport Layer Security version 1.0).

NOTE:

If your internet browser is not configured to use the protocol selected here you
will be denied access to the Management Console. Consult and alter your
browser settings before changing these values.

NOTE:

Enabling SSL 2.0 or 3.0 on a FIPS-compliant device will take the device out of
FIPS compliance - possibly in a manner that does not comply with FIPS standards.
For information on disabling FIPS compliance, see FIPS Compliance.

Component: Session Key Timeout (sec)

Description: The Session Key Timeout option specifies the number of seconds that a previously
negotiated session key is reused for incoming SSL client connections to the SKM. This
option determines how frequently key renegotiation takes place on the client application.
The default value is 7200 seconds (2 hours). Setting this value to 0 disables the
time-out.

Component: Edit

Description: Click Edit to modify the SSL options.
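
Added example (not part of the HP manual and not HP code): one way to confirm from the client side that a change to Allowed Protocols took effect is to read the protocol version out of the first bytes of the server's handshake reply and compare it with the protocols left enabled. The function names, the hand-built sample replies and the allowed set {"TLS 1.0"} (SSL 2.0 and 3.0 disabled) are assumptions for illustration.

```python
# Added example: classify a server's first handshake reply by protocol version
# and flag replies that fall outside the protocols left enabled.
VERSIONS = {b"\x00\x02": "SSL 2.0", b"\x03\x00": "SSL 3.0",
            b"\x03\x01": "TLS 1.0", b"\x03\x02": "TLS 1.1",
            b"\x03\x03": "TLS 1.2"}

def negotiated_protocol(reply: bytes):
    """Return the protocol named in a ServerHello, or None if the server
    answered with an alert record (handshake refused)."""
    if len(reply) >= 7 and reply[0] & 0x80 and reply[2] == 0x04:
        # SSL 2.0 SERVER-HELLO: 2-byte record header with the high bit set,
        # msg type 4, session-id-hit, certificate-type, 2-byte version.
        raw = reply[5:7]
    elif len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        # SSL 3.0 / TLS 1.0-1.2: 5-byte record header, handshake type 2
        # (ServerHello), 3-byte length, then the selected server_version.
        raw = reply[9:11]
    elif len(reply) >= 7 and reply[0] == 0x15:
        return None  # alert record: the offered version was rejected
    else:
        raise ValueError("not a recognisable SSL/TLS server reply")
    if raw not in VERSIONS:
        raise ValueError(f"unknown protocol version bytes {raw.hex()}")
    return VERSIONS[raw]

def violates_policy(reply: bytes, allowed: set) -> bool:
    """True when the server negotiated a protocol outside the allowed set."""
    proto = negotiated_protocol(reply)
    return proto is not None and proto not in allowed

# Constructed sample replies (minimal, hand-built; not captured from an SKM).
_BODY = bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"  # random, sid len, suite, comp

def _server_hello(ver: bytes) -> bytes:
    hs = b"\x02" + (len(_BODY) + 2).to_bytes(3, "big") + ver + _BODY
    return b"\x16" + ver + len(hs).to_bytes(2, "big") + hs

SAMPLES = {
    "tls10": _server_hello(b"\x03\x01"),
    "ssl30": _server_hello(b"\x03\x00"),
    "ssl20": b"\x80\x1b\x04\x00\x01\x00\x02\x00\x00\x00\x00\x00\x10" + bytes(16),
    "alert": b"\x15\x03\x01\x00\x02\x02\x46",  # fatal protocol_version alert
}

if __name__ == "__main__":
    ALLOWED = {"TLS 1.0"}  # assumption: SSL 2.0 and SSL 3.0 are disabled
    for name, reply in SAMPLES.items():
        proto = negotiated_protocol(reply) or "refused (alert)"
        verdict = "VIOLATION" if violates_policy(reply, ALLOWED) else "ok"
        print(f"{name}: {proto} -> {verdict}")
```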

Using the Management Console
