Force TLS1.2 in HPE/Dell servers, HPE Nimble, Fortinet
Jul 10, 2022
TLS 1.1 and below are deprecated; it is time to update your security posture.
In Dell servers:
1. Log in via PuTTY or similar to the iDRAC using the root user and credentials
2. Verify the current TLS settings:
racadm -r 123.123.123.123 -u root -p password get idrac.webserver.tlsprotocol
3. Change the setting to TLS 1.2:
racadm -r 123.123.123.123 -u root -p password set idrac.webserver.tlsprotocol 2
4. Repeat step #2 to verify that the TLS setting has changed
In HPE servers (minimum iLO 5):
- Log in to the iLO web interface
- Browse to Security > Encryption
- Change the security settings to HighSecurity
- Apply
In Fortinet firewalls (minimum version 6.4):
- Connect via PuTTY (or similar) or open the CLI console via the web interface
- Run the following commands:
config system global
set ssl-min-proto-version TLSv1-2
set admin-https-ssl-versions tlsv1-2 tlsv1-3
end
In HPE Nimble storage arrays (versions lower than 6; above 6, TLS 1.2 is already set by default):
1. Log in via SSH to the array
2. Run the following command to check the current status:
group --info | grep -i tls
The output will be as follows:
TLSv1.0/1.1 enabled: Yes
3. Disable TLS 1.0/1.1 with the following:
group --edit --tlsv1_enabled no
You can verify the new settings via Nmap or your favorite IT monitoring tool.
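To act on the Nmap check, the following added example (not part of the original post) parses the text output of Nmap's `ssl-enum-ciphers` script and flags every management endpoint that still offers SSLv3, TLS 1.0 or TLS 1.1. The sample output is constructed and trimmed, and the function names are illustrative.

```python
import re

# Constructed, trimmed sample of `nmap --script ssl-enum-ciphers -p 443 <targets>` output.
SAMPLE = """\
Nmap scan report for 192.0.2.10
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
Nmap scan report for 192.0.2.20
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
"""

LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}  # versions the hardening should remove
HOST_RE = re.compile(r"^Nmap scan report for (.+?)\s*$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|\s+(SSLv3|TLSv1\.[0-3]):\s*$")

def offered_protocols(nmap_text):
    """Map (host, port) to the protocol versions ssl-enum-ciphers listed."""
    found, host, key = {}, None, None
    for line in nmap_text.splitlines():
        if m := HOST_RE.match(line):
            host, key = m.group(1), None
        elif m := PORT_RE.match(line):
            key = (host, int(m.group(1)))
            found[key] = []
        elif key and (m := PROTO_RE.match(line)):
            found[key].append(m.group(1))
    return found

def audit(nmap_text):
    """Return {(host, port): (status, legacy_versions)} for every open port."""
    report = {}
    for key, protos in offered_protocols(nmap_text).items():
        legacy = [p for p in protos if p in LEGACY]
        # An open port without script output is unverified, not a pass.
        status = "legacy" if legacy else ("ok" if protos else "no-tls-data")
        report[key] = (status, legacy)
    return report
```

Feed `audit()` the saved output of a scan of your iDRAC, iLO, FortiGate and Nimble management addresses; any entry with status `legacy` still needs the change described above.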