tls-profile
The tls-profile configuration element holds the information required to run SIP over TLS.
Parameters
- name
- Enter the name of the TLS profile
- end-entity-certificate
- Enter the name of the entity certification record
- trusted-ca-certificates
- Enter the names of the trust CA Certificate records
- cipher-list
- Enter a list of supported ciphers or retain the default value,
DEFAULT. For a comprehensive list of ciphers
supported by the OCSBC, see the
Oracle Communications Session Border Controller Release
Notes.
- Default: DEFAULT
- verify-depth
- Enter the maximum depth of the certificate chain that will be
verified
- Default: 10
- Values: Min: 0 / Max: 10
- mutual-authenticate
- Enable or disable mutual authentication on the
Oracle Communications Session Border Controller
- Default: disabled
- Values: enabled | disabled
- tls-version
- Enter the TLS version you want to use with this TLS profile
- Default: tlsv12
- Values:
- tlsv1
- tlsv11
- tlsv12
- compatibility —
When the OCSBC negotiates on TLS, it starts with the highest TLS version and
works its way down until it finds a compatible version and cipher that works
for the other side.
Note:
The security-config > sslmin option works in conjunction with the tls-profile's tls-version parameter when it is set to compatibility. For profiles that negotiate to compatible versions, the sslmin option specifies the lowest TLS version allowed.
- cert-status-check
- Enable or disable OCSP in conjunction with an existing TLS
profile.
- Default: disabled
- Values: enabled | disabled
- cert-status-profile-list
- Select an object from the cert-status-profile parameter. In order
to enable this parameter, this list must not be empty. If multiple
cert-status-profile objects are assigned to cert-status-profile-list, the
Oracle Communications Session Border Controller will use a hunt method beginning with the first
object on the list.
- Values: Any valid certificate status profile from cert-status-profile parameter
- ignore-dead-responder
- Allows local certificate based authentication by the
Oracle Communications Session Border Controller in the event of unreachable OCSRs
- Default: disabled
- Values: enabled | disabled
- allow-self-signed-cert
- Allows self-signed certificate for Message Session Relay Protocol.
- Default: disabled
- Values: enabled | disabled
Path
tls-profileis an element under the security path. The full path from the topmost prompt is: