Hi,
We would like to improve security on our SP Cards (Service Processor) by disabling TLS 1.0 and 1.1 and removing the 3DES cipher. All Storage devices are on ONTAP9.1P1. Our current scenario, when running SSL checkers against the card IPs, shows the following output.
testsslserver <SP Card IP Address> 50000
Supported versions:
TLSv1.0 TLSv1.1 TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
TLSv1.0
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_CAMELLIA_128_CBC_SHA
RSA_WITH_CAMELLIA_256_CBC_SHA
(TLSv1.1: idem)
TLSv1.2
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA256
RSA_WITH_CAMELLIA_128_CBC_SHA
RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
----------------------
Server certificate(s):
e50304b62d8f97bff54a6a3dbac0eaf1cbdcf6b7: E="", OU="", O="", L="", S="", C="", CN=sp.spcs.server
----------------------
Minimal encryption strength: strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected
The NETAPP device itself has only TLS1.2 enabled and has restricted ciphers allowed
ie.
<Cluster name>::*> security config show
Cluster Cluster Security
Interface FIPS Mode Supported Protocols Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL false TLSv1.2 AES:!LOW:!MEDIUM: yes
!aNULL:!EXP:
!eNULL:!3DES
We have asked NETAPP support for assistance with this. Their recommendations have centered around altering the storage device Security Config by enabling FIPS. I am not convinced that this will make any difference whatsoever to the SP card security profile, and even if it does it will require Node Reboots to complete the alteration. All of our NetApp devices host CIFS shares, so unfortunately Node reboots will involve some service disruption.
Has anyone else encountered this before, and does anyone have any recommendations or knowledge relevant to SP Card security? I am surprised by the lack of available information.
thank you,
D
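Checking a testsslserver report against the target policy (TLS 1.2 only, no 3DES) can be automated so the SP card can be re-checked after any change. This is an added example, not NetApp's or the scanner's own code; the embedded report is a constructed excerpt modelled on the output quoted in the post, and the weak-suite pattern is an assumption about what the policy should reject.

```python
# Added example, not NetApp's or the scanner's own code: evaluate a testsslserver
# report (format as quoted in the post) against a policy of TLS 1.2+ and no 3DES.
# SAMPLE_REPORT is a constructed excerpt modelled on the post's scanner output.
import re

SAMPLE_REPORT = """\
Supported versions:
TLSv1.0 TLSv1.1 TLSv1.2
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
TLSv1.0
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
(TLSv1.1: idem)
TLSv1.2
RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
----------------------
BEAST status: vulnerable
"""

# Assumed policy: suites that must not be offered at all.
WEAK_SUITE = re.compile(r"3DES|RC4|NULL|EXPORT|_DES_|MD5")

def parse_report(text):
    """Return (versions, {version: [suites]}, [attacks the scanner marks vulnerable])."""
    lines = [ln.strip() for ln in text.splitlines()]
    versions, suites, vulns, current, in_suites = set(), {}, [], None, False
    for i, line in enumerate(lines):
        if line.startswith("Supported versions:"):
            versions.update(lines[i + 1].split())
        elif line.startswith("Supported cipher suites"):
            in_suites = True
        elif line.startswith("---"):
            in_suites = False
        elif m := re.match(r"(\w+) status: vulnerable$", line):
            vulns.append(m.group(1))
        elif in_suites and (m := re.match(r"\(([^:]+): idem\)", line)):
            # "(TLSv1.1: idem)" means: same suite list as the version listed above
            suites[m.group(1)] = list(suites[current])
            current = m.group(1)
        elif in_suites and line in versions:
            current, suites[line] = line, []
        elif in_suites and current and line:
            suites[current].append(line)
    return versions, suites, vulns

def evaluate(versions, suites, vulns, allowed=("TLSv1.2", "TLSv1.3")):
    # Human-readable policy findings; an empty list means the endpoint is compliant.
    findings = [f"deprecated protocol enabled: {v}" for v in sorted(versions - set(allowed))]
    for v, ciphers in sorted(suites.items()):
        findings += [f"weak cipher suite on {v}: {c}" for c in ciphers if WEAK_SUITE.search(c)]
    findings += [f"scanner reports {a} vulnerable" for a in vulns]
    return findings
```

Feeding the post's full report through `evaluate(*parse_report(...))` lists the two deprecated protocols and every 3DES suite per protocol version, which is the list that has to come back empty after the change.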