Disable SSLv2 and SSLv3 in Data ONTAP 7-mode for CVE-2016-0800 and CVE-2014-3566

NetApp KB1015015 provides information and procedures for disabling SSLv2 and SSLv3 in Data ONTAP operating in 7-Mode and clustered Data ONTAP versions 8.1 though 8.3 for CVE-2016-0800 and CVE-2014-3566.

The procedure is 2-steps: (1) enable tls (disabled by default and must be enabled prior to disabling SSL) and (2) disable SSLv2 and v3.

The following simple PowerShell script will automate performing this procedure on multiple number of 7-mode systems.

It relies on either either specifying filername or providing a .csv list of filernames it can authenticate against.

.CSV file should be formatted as:

#requires -Version 2 -Modules dataontap
        Simple script which automates disabling SSLv2 and SSLv3 in Data ONTAP 7-Mode for CVE-2016-0800 and CVE-2014-3566.

        Uses Set-NaOption to enable tls and disable SSLv2 and v3.

        .PARAMETER filer
        Specifies the name of the NetApp filer. Optional.

        (1) Script will prompt for credentials. Uses same cred for multiple filers.
        (2) If no parameter is specified it will prompt for .csv list of filers. 
        .CSV should be formatted as:

        C:PS> netapp-disable-ssl-7mode.pst 

        C:PS> netapp-disable-ssl-7mode.pst filer1

        Author: David Maldonado
        Date: 09/01/2016
        Version: 1.0 - Initial Script - for 7mode

param( [string[]] $filerinput)  
If ($filerinput -eq $NULL)  
    function Get-FileName($initialDirectory)
        $NULL = [System.Reflection.Assembly]::LoadWithPartialName('System.windows.forms')

        $OpenFileDialog = New-Object -TypeName System.Windows.Forms.OpenFileDialog
        $OpenFileDialog.initialDirectory = $initialDirectory
        $OpenFileDialog.filter = 'All files (*.*)| *.*'
        $NULL = $OpenFileDialog.ShowDialog()
    Write-Host -Object 'No controller specified, please provide source .csv file.' -BackgroundColor Yellow -ForegroundColor Blue 
    $filers = Import-Csv (Get-FileName -initialDirectory 'c:') 
    $filers = $filerinput 

    $filerresults = @() 
    $filerhash = foreach ($filer in $filers)
        $filerresult  = New-Object -TypeName PSObject
        $filerresult  | Add-Member -MemberType NoteProperty -Name 'name' -Value $filer
        $filerresults += $filerresult

    $filers = $filerresults | Select-Object -Property *

Import-Module -Name DataONTAP  
$mycreds = (Get-Credential)
function Disable-7MSSL  
    Connect-NaController -Name $filer.name -Credential $mycreds

    Set-NaOption -OptionName tls.enable -OptionValue on
    if (((Get-NaOption -OptionNames tls.enable).value) -eq 'on') 
        Set-NaOption -OptionName ssl.v2.enable -OptionValue off
        Set-NaOption -OptionName ssl.v3.enable -OptionValue off

Foreach ($filer in $filers)