config firewall ssl setting
SSL proxy settings.
```
config firewall ssl setting
    Description: SSL proxy settings.
    set proxy-connect-timeout {integer}
    set ssl-dh-bits [768|1024|...]
    set ssl-send-empty-frags [enable|disable]
    set no-matching-cipher-action [bypass|drop]
    set cert-cache-capacity {integer}
    set cert-cache-timeout {integer}
    set session-cache-capacity {integer}
    set session-cache-timeout {integer}
    set kxp-queue-threshold {integer}
    set ssl-queue-threshold {integer}
    set abbreviate-handshake [enable|disable]
end
```
config firewall ssl setting
| Parameter name | Description | Type | Size |
|---|---|---|---|
| proxy-connect-timeout | Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30). | integer | Minimum value: 1 Maximum value: 60 |
| ssl-dh-bits | Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). | option | - |
| ssl-send-empty-frags | Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). | option | - |
| no-matching-cipher-action | Bypass or drop the connection when no matching cipher is found. | option | - |
| cert-cache-capacity | Maximum capacity of the host certificate cache (0 - 500, default = 200). | integer | Minimum value: 0 Maximum value: 500 |
| cert-cache-timeout | Time limit to keep certificate cache (1 - 120 min, default = 10). | integer | Minimum value: 1 Maximum value: 120 |
| session-cache-capacity | Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500). | integer | Minimum value: 0 Maximum value: 1000 |
| session-cache-timeout | Time limit to keep SSL session state (1 - 60 min, default = 20). | integer | Minimum value: 1 Maximum value: 60 |
| kxp-queue-threshold | Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16). | integer | Minimum value: 0 Maximum value: 512 |
| ssl-queue-threshold | Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32). | integer | Minimum value: 0 Maximum value: 512 |
| abbreviate-handshake | Enable/disable use of SSL abbreviated handshake. | option | - |
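
An added example, not part of the original reference: a Python check that parses a `config firewall ssl setting` block and reports integers outside the ranges in the table above, an `ssl-dh-bits` value below the documented 2048-bit default, and `no-matching-cipher-action bypass`. The function names and the sample configuration are constructed for illustration, and treating `bypass` as a finding is an assumed site policy.

```python
import re

# Integer ranges (min, max) copied from the parameter table on this page.
RANGES = {
    "proxy-connect-timeout": (1, 60), "cert-cache-capacity": (0, 500),
    "cert-cache-timeout": (1, 120), "session-cache-capacity": (0, 1000),
    "session-cache-timeout": (1, 60), "kxp-queue-threshold": (0, 512),
    "ssl-queue-threshold": (0, 512),
}
DH_DEFAULT_BITS = 2048  # documented default for ssl-dh-bits

def parse_ssl_setting(text):
    """Return the `set` pairs inside the `config firewall ssl setting` block."""
    block = re.search(r"^config firewall ssl setting\s*$(.*?)^end\s*$", text, re.S | re.M)
    body = block.group(1) if block else ""
    return dict(re.findall(r"^\s*set\s+(\S+)\s+(\S+)\s*$", body, re.M))

def audit(settings):
    """Return a sorted list of (parameter, finding) tuples."""
    findings = []
    for name, value in settings.items():
        if name in RANGES:
            low, high = RANGES[name]
            if not value.isdigit() or not low <= int(value) <= high:
                findings.append((name, f"outside documented range {low}-{high}"))
        elif name == "ssl-dh-bits" and value.isdigit() and int(value) < DH_DEFAULT_BITS:
            findings.append((name, f"DH prime below the {DH_DEFAULT_BITS}-bit default"))
        elif name == "no-matching-cipher-action" and value == "bypass":
            # Assumed policy: prefer drop so unmatched sessions are not passed through.
            findings.append((name, "unmatched-cipher connections are bypassed, not dropped"))
    return sorted(findings)

# Constructed sample, not taken from a real device.
SAMPLE = """\
config firewall ssl setting
    set proxy-connect-timeout 30
    set ssl-dh-bits 1024
    set no-matching-cipher-action bypass
    set cert-cache-timeout 240
end
"""

if __name__ == "__main__":
    for name, finding in audit(parse_ssl_setting(SAMPLE)):
        print(f"{name}: {finding}")
```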