TWSD-1806: Requirement of AVX WebUI should be opened on TLS v 1.3

Review Request #1476 — Created March 31, 2026 and submitted — Latest diff uploaded

bsrivalli
AVX2
rel_avx_2_7_6
TWSD-1806
ngurunathan, shuinvy, stevenku, wli

TLSv1.3 support requires OpenSSL version 1.1.1 or above along with a compatible lighttpd version. Earlier, the lighttpd module was linked against OpenSSL 1.0.2k, which does not provide support for TLSv1.3. As libopenssl-1.1.1 is already available in the project, the build configuration has been updated to link the lighttpd module (mod_openssl.so) with libopenssl-1.1.1. With this change, the WebUI is now capable of establishing connections using TLSv1.3.

AN(config)#sh webui ssl settings
webui ssl settings clientauth disable
webui ssl settings authmandatory enable
webui ssl settings ciphersuites "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384"
webui ssl settings protocol "TLSv12"

AN(config)#webui ssl settings ciphersuites "ECDHE-RSA-AES256-SHA:TLS-AES128-GC$

AN(config)#webui ssl settings protocol "TLSv13"

AN(config)#sh webui ssl settings
webui ssl settings clientauth disable
webui ssl settings authmandatory enable
webui ssl settings ciphersuites "ECDHE-RSA-AES256-SHA:TLS-AES128-GCM-SHA256:TLS-AES256-GCM-SHA384"
webui ssl settings protocol "TLSv13"

curl -kv --tlsv1.3 "https://192.168.162.227:8888"
* About to connect() to 192.168.162.227 port 8888 (#0)
* Trying 192.168.162.227...
* Connected to 192.168.162.227 (192.168.162.227) port 8888 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: E=webui@arraynetworks.net,CN=Array Networks,O="Array Networks, Inc",L=Campbell,ST=CA,C=US
* start date: Dec 10 06:02:47 2015 GMT
* expire date: Dec 07 06:02:47 2025 GMT
* common name: Array Networks
* issuer: E=webui@arraynetworks.net,CN=Array Networks,O="Array Networks, Inc",L=Campbell,ST=CA,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.162.227:8888
> Accept: */*
>
< HTTP/1.1 302 Found
< Vary: Accept-Language, Cookie
< X-Frame-Options: SAMEORIGIN
< X-Frame-Options: SAMEORIGIN
< Content-Type: text/html; charset=utf-8
< Location: https://192.168.162.227:8888/app/
< Content-Language: en-us
< Set-Cookie: django_language=en; httponly; Path=/; secure
< Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; object-src 'none' ;
< Cache-Control: no-store
< Pragma: no-cache
< Content-Length: 0
< Date: Tue, 31 Mar 2026 07:22:13 GMT
<
* Connection #0 to host 192.168.162.227 left intact
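
The curl run above shows that a TLS 1.3 handshake succeeds. The following is an added example, not part of the review request or the AVX code base, that also checks whether a client offering only TLS 1.2 is refused once the protocol is set to "TLSv13". It assumes Python 3.7+ built against OpenSSL 1.1.1 or later; the host and port are supplied on the command line, and certificate verification is turned off to mirror `curl -k` against a lab appliance with a self-signed certificate.

```python
import socket
import ssl
import sys

def pinned_context(version):
    """Client context that offers exactly one TLS protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = version
    ctx.maximum_version = version
    # Assumption: self-signed lab certificate, same as the curl -k run.
    # Leave verification on when checking a production endpoint.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def probe(host, port, version, timeout=5.0):
    """Return (protocol, cipher) if the pinned handshake succeeds, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = pinned_context(version)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except OSError:  # ssl.SSLError, refused connections and timeouts
        return None

def audit(host, port):
    """Probe the server once per protocol version, keyed by version name."""
    if not ssl.HAS_TLSv1_3:
        # Same constraint as the server side: OpenSSL older than 1.1.1
        # cannot speak TLS 1.3, so the probe would be meaningless.
        raise RuntimeError("local OpenSSL lacks TLS 1.3: " + ssl.OPENSSL_VERSION)
    versions = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    return {v.name: probe(host, port, v) for v in versions}

def tls13_only(results):
    """True when TLS 1.3 is accepted and TLS 1.2 is refused.

    A successful TLS 1.3 handshake proves the host is reachable, so a
    failed TLS 1.2 probe is a refusal and not an outage.
    """
    return results["TLSv1_3"] is not None and results["TLSv1_2"] is None

if __name__ == "__main__":
    res = audit(sys.argv[1], int(sys.argv[2]))
    for name, outcome in res.items():
        print(name, "->", outcome or "handshake refused")
    sys.exit(0 if tls13_only(res) else 1)
```
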