1. ACLI Reference Guide
  2. ACLI Configuration Elements N-Z
  3. tls-profile

tls-profile

The tls-profile configuration element holds the information required to run SIP over TLS.

Parameters

name
Enter the name of the TLS profile
end-entity-certificate
Enter the name of the entity certification record
trusted-ca-certificates
Enter the names of the trust CA Certificate records
cipher-list
Enter a list of supported ciphers or retain the default value, DEFAULT. For a comprehensive list of ciphers supported by the OCSBC, see the Oracle Communications Session Border Controller Release Notes.
  • Default: DEFAULT
verify-depth
Enter the maximum depth of the certificate chain that will be verified
  • Default: 10
  • Values: Min: 0 / Max: 10
mutual-authenticate
Enable or disable mutual authentication on the Oracle Communications Session Border Controller
  • Default: disabled
  • Values: enabled | disabled
tls-version
Enter the TLS version you want to use with this TLS profile
  • Default: compatibility
  • Values:
    • TLSv1
    • TLS11
    • TLS12
    • compatibility — When the OCSBC negotiates on TLS, it starts with the highest TLS version and works its way down until it finds a compatible version and cipher that works for the other side.

      Note:

      The security-config > sslmin option works in conjunction with the tls-profile's tls-version parameter when it is set to compatibility. For profiles that negotiate to compatible versions, the sslmin option specifies the lowest TLS version allowed.
cert-status-check
Enable or disable OCSP in conjunction with an existing TLS profile.
  • Default: disabled
  • Values: enabled | disabled
cert-status-profile-list
Select an object from the cert-status-profile parameter. In order to enable this parameter, this list must not be empty. If multiple cert-status-profile objects are assigned to cert-status-profile-list, the Oracle Communications Session Border Controller will use a hunt method beginning with the first object on the list.
  • Values: Any valid certificate status profile from cert-status-profile parameter
ignore-dead-responder
Allows local certificate based authentication by the Oracle Communications Session Border Controller in the event of unreachable OCSRs
  • Default: disabled
  • Values: enabled | disabled

Path

tls-profileis an element under the security path. The full path from the topmost prompt is: configure terminal , and then security , and then tls-profile