An SSL profile is a collection of settings for SSL entities. It offers ease of configuration and flexibility. Instead of configuring the settings on each entity, you can configure them in a profile and bind the profile to all the entities that the settings apply to.
The SSL profile infrastructure has been enhanced to use the latest ciphers and protocols. Differences between the legacy profile (old profile) and the enhanced SSL profile (new profile) are highlighted.
Differences between the old and the new SSL profile infrastructure
|Differences||Old Profile||New Profile|
|Ciphers and ECC Curves included in the profile||No||Yes|
|Inserting a cipher or cipher group in the middle of an existing list||Unbind all the ciphers and bind again in the order of the required priority.||Add a cipher and assign it a priority. If a priority is not specified, the cipher is assigned the lowest priority in the list.|
|Unbinding all the ciphers||> unbind ssl vserver <name> ciphername –ALL||unbind ssl profile –cipherName FlushAllCiphers (Release 11.0 build 64.x or later includes the FlushAllCiphers parameter for unbinding all the ciphers or cipher groups from a profile, because ALL is treated like a cipher group.)|
|State of SSLv3||n/a||Disabled on the default front-end profile (ns_default_ssl_profile_frontend). Note: Before you enable this profile, SSLv3 is enabled globally. After enabling the profile, SSLv3 is disabled on the front-end default profile.|