The ssl element can contain the following subelements:
Table 3–51 List of ssl Subelements

Element | Occurrences | Description |
---|---|---|
enabled | 0 or 1 | Determines whether SSL/TLS is enabled at runtime. The default value is true. |
server-cert-nickname | 0 or more | The nickname of the certificate that the server presents to clients. You can specify zero or one RSA certificates, plus zero or one ECC certificates. |
ssl2 | 0 or 1 | Determines whether SSL2 connections are accepted. The default value is false. |
ssl3 | 0 or 1 | Determines whether SSL3 connections are accepted. The default value is true. |
tls | 0 or 1 | Determines whether TLS connections are accepted. The default value is true. |
tls-rollback-detection | 0 or 1 | Determines whether the server detects and blocks TLS version rollback attacks. The default value is true. |
ssl2-ciphers | 0 or 1 | Configures the SSL2 cipher suites. For more details, see ssl2-ciphers. |
ssl3-tls-ciphers | 0 or 1 | Configures the SSL3 and TLS cipher suites. For more details, see ssl3-tls-ciphers. |
client-auth | 0 or 1 | The method of client certificate authentication. The value can be required, optional, or false. |
client-auth-timeout | 0 or 1 | The timeout (in seconds) after which the client authentication handshake fails. The value can be from 0.001 to 3600. |
max-client-auth-data | 0 or 1 | The maximum amount of application-level data to buffer during a client authentication handshake. The value can be from 0 to 2147483647. |
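
An added example (not part of the original documentation): a small Python check that resolves the effective values of an `ssl` element using the defaults listed in the table, so that protocols left enabled by omission (`ssl3` defaults to true) show up in a configuration audit. The sample fragments and the `Server-Cert` nickname are constructed, and the code assumes boolean values are written as `true`/`false` as the table shows.

```python
import xml.etree.ElementTree as ET

# Defaults and ranges exactly as stated in Table 3-51; omitted elements use the default.
DEFAULTS = {"enabled": "true", "ssl2": "false", "ssl3": "true",
            "tls": "true", "tls-rollback-detection": "true"}
RANGES = {"client-auth-timeout": (0.001, 3600),
          "max-client-auth-data": (0, 2147483647)}
CLIENT_AUTH_VALUES = {"required", "optional", "false"}


def effective_settings(ssl_xml):
    """Parse one <ssl> element and fill omitted booleans with documented defaults."""
    root = ET.fromstring(ssl_xml)
    settings = dict(DEFAULTS)
    for child in root:
        if child.tag != "server-cert-nickname":  # the only repeatable subelement
            settings[child.tag] = (child.text or "").strip().lower()
    return settings


def audit(ssl_xml):
    """Return findings for legacy protocols and values outside the documented ranges."""
    s = effective_settings(ssl_xml)
    # Conservative: a legacy protocol counts as accepted unless explicitly "false".
    findings = [f"{p} accepted" for p in ("ssl2", "ssl3") if s[p] != "false"]
    if s["tls"] != "true":
        findings.append("tls not accepted")
    if s["tls-rollback-detection"] != "true":
        findings.append("tls-rollback-detection off")
    if "client-auth" in s and s["client-auth"] not in CLIENT_AUTH_VALUES:
        findings.append("client-auth: invalid value")
    for name, (low, high) in RANGES.items():
        if name in s:
            try:
                in_range = low <= float(s[name]) <= high
            except ValueError:
                in_range = False
            if not in_range:
                findings.append(f"{name}: out of range")
    return findings


# Constructed sample fragments (not from the original page).
DEFAULTED = "<ssl><server-cert-nickname>Server-Cert</server-cert-nickname></ssl>"
HARDENED = ("<ssl><ssl2>false</ssl2><ssl3>false</ssl3><tls>true</tls>"
            "<client-auth>optional</client-auth>"
            "<client-auth-timeout>60</client-auth-timeout></ssl>")

if __name__ == "__main__":
    for label, xml in (("defaulted", DEFAULTED), ("hardened", HARDENED)):
        print(label, audit(xml))
```

The first fragment sets no protocol elements at all and is still reported, because the documented default for `ssl3` is true.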