acsSslVersion

Value Type

keyword-list

Accepted Values

tls | sslv3 | tlsv1 | tlsv1_1 | tlsv1_2 | tlsv1_3

Default Value

tls

Description

This option specifies the SSL or TLS version that will be used by the ACS for HTTPS connections.

The most compatible version is tls, which will negotiate down from TLS 1.3 (most secure) to TLS 1.2 to TLS 1.1 and finally to TLS 1.0 (least secure). All the other versions are strict and require specific support. For example, if the ACS is configured to use tlsv1_2, the CPE’s CWMP client MUST support TLS 1.2 or the connection will fail - the ACS will not negotiate down to a lesser version.

Section 3.3 of TR-069 Amendment 6 states that SSL 3.0 and TLS 1.0 SHOULD NOT be used. Likewise, this section also states that the CPE should use TLS 1.2.