Product Documentation

Appendix B: Default front-end and back-end SSL profile settings

A default front-end profile has the following settings:

sh ssl profile ns_default_ssl_profile_frontend

1)Name: ns_default_ssl_profile_frontend

     Configuration for Front-End SSL profile
     DH: DISABLED
     Ephemeral RSA: ENABLED          Refresh Count: 0
     Session Reuse: ENABLED          Timeout: 120 seconds
     Non FIPS Ciphers: DISABLED
     Cipher Redirect: ENABLED   Redirect URL: http://10.102.28.212/redirect.html
     Client Auth: DISABLED
     SSL Redirect: DISABLED
     SNI: DISABLED
     SSLv3: DISABLED TLSv1.0: ENABLED  TLSv1.1: ENABLED  TLSv1.2: ENABLED
     Push Encryption Trigger: Always
     PUSH encryption trigger timeout:     1 ms
     Send Close-Notify: YES
     Push flag: 0x0 (Auto)
     Deny SSL Renegotiation          NO
     SSL quantum size:          8 kB
     Strict CA checks:          NO
     Encryption trigger timeout 100 mS
     Encryption trigger packet count:     45
     Use only bound CA certificates: DISABLED
     Subject/Issuer Name Insertion Format: Unicode
     Strict Host Header check for SNI enabled SSL sessions:          NO

     ECC Curve: P_256, P_384, P_521

1)   Cipher Name: AES     Priority :2
     Description: Predefined Cipher Alias

1)   Vserver Name: v1
2)   Vserver Name: nshttps-::1l-443
3)   Vserver Name: nsrpcs-::1l-3008
4)   Vserver Name: nskrpcs-127.0.0.1-3009
5)   Vserver Name: nshttps-127.0.0.1-443
6)   Vserver Name: nsrpcs-127.0.0.1-3008
Done

A default back-end profile has the following settings:

sh ssl profile ns_default_ssl_profile_backend

1)Name: ns_default_ssl_profile_backend

     Configuration for Back-End SSL profile
     Session Reuse: ENABLED          Timeout: 300 seconds
     Non FIPS Ciphers: DISABLED
     Server Auth: DISABLED
     SSLv3: DISABLED TLSv1.0: ENABLED  TLSv1.1: DISABLED  TLSv1.2: DISABLED
     Push Encryption Trigger: Always
     PUSH encryption trigger timeout:     1 ms
     Send Close-Notify: YES
     Push flag: 0x0 (Auto)
     Deny SSL Renegotiation          ALL
     SSL quantum size:          8 kB
     Strict CA checks:          NO
     Encryption trigger timeout 100 mS
     Encryption trigger packet count:     45
     Use only bound CA certificates: DISABLED

     ECC Curve: P_256, P_224, P_521

1)   Cipher Name: AES     Priority :1
     Description: Predefined Cipher Alias

2)   Cipher Name: RC4     Priority :2
     Description: Predefined Cipher Alias

1)   Service Name: s2
2)   Service Name: s1
Done

Appendix B: Default front-end and back-end SSL profile settings

In this article