Disable SSLv2 and SSLv3 in Data ONTAP 7-mode for CVE-2016-0800 and CVE-2014-3566

NetApp KB1015015 provides information and procedures for disabling SSLv2 and SSLv3 in Data ONTAP operating in 7-Mode and clustered Data ONTAP versions 8.1 through 8.3 for CVE-2016-0800 and CVE-2014-3566.

The procedure has two steps: (1) enable TLS (it is disabled by default and must be enabled before SSL is disabled) and (2) disable SSLv2 and SSLv3.

The following simple PowerShell script automates this procedure across multiple 7-Mode systems.

It takes either a filer name as a parameter or a .csv list of filer names, and it uses one set of credentials to authenticate against all of them.

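The .csv file should have a single name column header followed by one filer name per line, as shown in the script's .NOTES section below.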

#requires -Version 2 -Modules dataontap
<#  
        .SYNOPSIS           
        Simple script which automates disabling SSLv2 and SSLv3 in Data ONTAP 7-Mode for CVE-2016-0800 and CVE-2014-3566.

        .DESCRIPTION
        Uses Set-NaOption to enable tls and disable SSLv2 and v3.

        .PARAMETER filer
        Specifies the name of the NetApp filer. Optional.

        .NOTES
        (1) Script will prompt for credentials. Uses same cred for multiple filers.
        (2) If no parameter is specified it will prompt for .csv list of filers. 
        .CSV should be formatted as:
        name
        filer1
        filer2

        .EXAMPLE
        C:\PS> .\netapp-disable-ssl-7mode.ps1

        .EXAMPLE
        C:\PS> .\netapp-disable-ssl-7mode.ps1 filer1

        Author: David Maldonado
        Date: 09/01/2016
        Version: 1.0 - Initial Script - for 7mode
#>

param( [string[]] $filerinput)  
If ($filerinput -eq $NULL)  
{ 
    function Get-FileName($initialDirectory)
    {   
        # Load Windows Forms for the file picker (LoadWithPartialName is deprecated).
        Add-Type -AssemblyName System.Windows.Forms

        $OpenFileDialog = New-Object -TypeName System.Windows.Forms.OpenFileDialog
        $OpenFileDialog.initialDirectory = $initialDirectory
        $OpenFileDialog.filter = 'All files (*.*)| *.*'
        $NULL = $OpenFileDialog.ShowDialog()
        $OpenFileDialog.filename
    } 
    Write-Host -Object 'No controller specified, please provide source .csv file.' -BackgroundColor Yellow -ForegroundColor Blue 
    $filers = Import-Csv (Get-FileName -initialDirectory 'C:\')
}
Else  
{
    # Wrap each name given on the command line in an object with a 'name'
    # property, so both input paths produce the same shape as Import-Csv.
    $filerresults = @()
    foreach ($filer in $filerinput)
    {
        $filerresult  = New-Object -TypeName PSObject
        $filerresult  | Add-Member -MemberType NoteProperty -Name 'name' -Value $filer
        $filerresults += $filerresult
    }

    $filers = $filerresults | Select-Object -Property *
}

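Import-Module -Name DataONTAP
$mycreds = (Get-Credential)

function Disable-7MSSL
{
    param($Name, $Credential)

    # Stop if the connection fails, so that no option is set on a
    # controller left connected from a previous iteration.
    $controller = Connect-NaController -Name $Name -Credential $Credential
    if (-not $controller)
    {
        Write-Warning -Message "Could not connect to $Name, skipping."
        return
    }

    # Step 1: TLS must be enabled before SSL is disabled.
    Set-NaOption -OptionName tls.enable -OptionValue on -Controller $controller
    if (((Get-NaOption -OptionNames tls.enable -Controller $controller).value) -eq 'on')
    {
        # Step 2: disable SSLv2 and SSLv3.
        Set-NaOption -OptionName ssl.v2.enable -OptionValue off -Controller $controller
        Set-NaOption -OptionName ssl.v3.enable -OptionValue off -Controller $controller
    }
    else
    {
        Write-Warning -Message "tls.enable is not 'on' on $Name; SSLv2 and SSLv3 were left unchanged."
    }
}

Foreach ($filer in $filers)
{
    Disable-7MSSL -Name $filer.name -Credential $mycreds
}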
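
To confirm the end state on each system after the script has run, a read-only check of the same three options can be used. The following is an added example, not part of the original script or of NetApp's KB: Test-7MSSLState is a hypothetical helper name, the sample option objects are constructed, and it assumes Get-NaOption returns objects with Name and Value properties.

```powershell
# Added example: read-only audit of the three options the script changes.
# Expected values follow the procedure above: TLS on, SSLv2 and SSLv3 off.
$expected = @{
    'tls.enable'    = 'on'
    'ssl.v2.enable' = 'off'
    'ssl.v3.enable' = 'off'
}

function Test-7MSSLState   # hypothetical helper name
{
    param(
        [string]   $FilerName,
        [object[]] $Options   # objects with Name and Value (assumed Get-NaOption shape)
    )
    foreach ($name in ($expected.Keys | Sort-Object))
    {
        $opt = $Options | Where-Object { $_.Name -eq $name }
        # A missing option is reported as non-compliant rather than skipped.
        $actual = if ($opt) { $opt.Value } else { '<missing>' }
        New-Object -TypeName PSObject -Property @{
            Filer     = $FilerName
            Option    = $name
            Expected  = $expected[$name]
            Actual    = $actual
            Compliant = ($actual -eq $expected[$name])
        }
    }
}

# Constructed sample: a filer where TLS is on but SSLv3 is still enabled.
$sample = @(
    (New-Object -TypeName PSObject -Property @{ Name = 'tls.enable';    Value = 'on'  }),
    (New-Object -TypeName PSObject -Property @{ Name = 'ssl.v2.enable'; Value = 'off' }),
    (New-Object -TypeName PSObject -Property @{ Name = 'ssl.v3.enable'; Value = 'on'  })
)

Test-7MSSLState -FilerName 'filer1' -Options $sample |
    Select-Object -Property Filer, Option, Expected, Actual, Compliant |
    Format-Table -AutoSize

# Against a live system, after Connect-NaController as in the script above:
#   Test-7MSSLState -FilerName $filer.name `
#       -Options (Get-NaOption -OptionNames @($expected.Keys))
```

Rows with Compliant set to False identify systems where the change did not take effect, for example because tls.enable never reached 'on' and the SSL options were therefore left untouched.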