tls-profile
The tls-profile configuration element holds the information required to run SIP over TLS.
Parameters
- name
  - Enter the name of the TLS profile.
- end-entity-certificate
  - Enter the name of the entity certification record.
- trusted-ca-certificates
  - Enter the names of the trusted CA certificate records.
- cipher-list
  - Enter the default ALL, or enter a list of supported ciphers, which you can find in the TLS section of the ACLI Configuration Guide’s Security chapter.
  - Default: all
- verify-depth
  - Enter the maximum depth of the certificate chain that will be verified.
  - Default: 10
  - Values: Min: 0 / Max: 10
- mutual-authenticate
  - Enable or disable mutual authentication on the Oracle Communications Session Border Controller.
  - Default: disabled
  - Values: enabled | disabled
- tls-version
  - Enter the TLS version you want to use with this TLS profile.
  - Default: compatibility
  - Values:
    - TLSv1
    - SSLv3
    - TLS11
    - TLS12
    - compatibility — When the Oracle Communications Session Border Controller negotiates on TLS, it starts with the highest TLS version and works its way down until it finds a compatible version and cipher that works for the other side.
  Note:
  The security-config > sslmin option works in conjunction with the tls-profile's tls-version parameter when it is set to compatibility. For profiles that negotiate to compatible versions, the sslmin option specifies the lowest TLS version allowed.
- cert-status-check
  - Enable or disable OCSP in conjunction with an existing TLS profile.
  - Default: disabled
  - Values: enabled | disabled
- cert-status-profile-list
  - Select an object from the cert-status-profile parameter. In order to enable this parameter, this list must not be empty. If multiple cert-status-profile objects are assigned to cert-status-profile-list, the Oracle Communications Session Border Controller will use a hunt method beginning with the first object on the list.
  - Values: Any valid certificate status profile from cert-status-profile parameter
- ignore-dead-responder
  - Allows local certificate based authentication by the Oracle Communications Session Border Controller in the event of unreachable OCSRs.
  - Default: disabled
  - Values: enabled | disabled
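
The parameter constraints above can be checked mechanically before a profile is deployed. The following is an added example, not Oracle code: it assumes the profile has been transcribed into a Python dict keyed by parameter name, reads the non-empty-list requirement as applying when cert-status-check is enabled, and its "warn" rules are editorial review points rather than anything the ACLI enforces.

```python
# Added example: lints a tls-profile (given as a dict) against the documented
# value ranges and flags settings that weaken the TLS posture.
DEFAULTS = {
    "cipher-list": "all", "verify-depth": 10, "mutual-authenticate": "disabled",
    "tls-version": "compatibility", "cert-status-check": "disabled",
    "cert-status-profile-list": [], "ignore-dead-responder": "disabled",
}
TLS_VERSIONS = {"TLSv1", "SSLv3", "TLS11", "TLS12", "compatibility"}
TOGGLES = ("mutual-authenticate", "cert-status-check", "ignore-dead-responder")
DEPRECATED = {"SSLv3": "RFC 7568", "TLSv1": "RFC 8996", "TLS11": "RFC 8996"}


def audit_tls_profile(profile):
    """Return a list of (severity, message) findings for one profile."""
    p = {**DEFAULTS, **profile}  # unset parameters take the documented defaults
    out = []
    # Documented value constraints.
    depth = p["verify-depth"]
    if not isinstance(depth, int) or not 0 <= depth <= 10:
        out.append(("error", "verify-depth must be 0..10"))
    if p["tls-version"] not in TLS_VERSIONS:
        out.append(("error", "tls-version is not a documented value"))
    for key in TOGGLES:
        if p[key] not in ("enabled", "disabled"):
            out.append(("error", f"{key} must be enabled or disabled"))
    if p["cert-status-check"] == "enabled" and not p["cert-status-profile-list"]:
        out.append(("error", "cert-status-check needs a non-empty cert-status-profile-list"))
    # Hardening review points (editorial additions, not Oracle guidance).
    if p["tls-version"] in DEPRECATED:
        out.append(("warn", f"tls-version {p['tls-version']} is deprecated ({DEPRECATED[p['tls-version']]})"))
    if p["tls-version"] == "compatibility":
        out.append(("warn", "lowest negotiated version depends on security-config sslmin"))
    if str(p["cipher-list"]).lower() == "all":
        out.append(("warn", "cipher-list all enables every supported cipher"))
    if p["cert-status-check"] == "enabled" and p["ignore-dead-responder"] == "enabled":
        out.append(("warn", "ignore-dead-responder falls back to local authentication when OCSP responders are unreachable"))
    return out


# Constructed sample profile; the name and values are illustrative only.
SAMPLE = {"name": "example-profile", "tls-version": "SSLv3", "verify-depth": 12,
          "cert-status-check": "enabled", "ignore-dead-responder": "enabled"}

if __name__ == "__main__":
    for severity, message in audit_tls_profile(SAMPLE):
        print(f"{severity}: {message}")
```
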
Path
tls-profile is an element under the security path. The full path from the topmost prompt is: