ssl dtlsProfile

Sep 12, 2016

The following operations can be performed on "ssl dtlsProfile":

add | rm | set | unset | show

add ssl dtlsProfile

Create a new DTLS profile on the NetScaler ADC.

Synopsis

add ssl dtlsProfile <name> [-pmtuDiscovery ( ENABLED | DISABLED )] [-maxRecordSize <positive_integer>] [-maxRetryTime <positive_integer>] [-helloVerifyRequest ( ENABLED | DISABLED )] [-terminateSession ( ENABLED | DISABLED )] [-maxPacketSize <positive_integer>]

Arguments

name

Name for the DTLS profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals sign (=), and hyphen (-) characters. Cannot be changed after the profile is created.

pmtuDiscovery

Source for the maximum record size value. If ENABLED, the value is taken from the PMTU table. If DISABLED, the value is taken from the profile.

Possible values: ENABLED, DISABLED

Default value: DISABLED

maxRecordSize

Maximum size of records that can be sent if PMTU discovery is disabled.

Default value: 1459

Minimum value: 250

Maximum value: 1459

maxRetryTime

Wait for the specified time, in seconds, before resending the request.

Default value: 3

Minimum value: 0

helloVerifyRequest

Send a Hello Verify request to validate the client.

Possible values: ENABLED, DISABLED

Default value: DISABLED

terminateSession

Terminate the session if the message authentication code (MAC) of the client and server do not match.

Possible values: ENABLED, DISABLED

Default value: DISABLED

maxPacketSize

Maximum number of packets to reassemble. This value helps protect against a fragmented packet attack.

Default value: 120

Minimum value: 0

Maximum value: 86400

Example

add ssl dtlsProfile dtls1 -helloVerifyRequest ENABLED -maxRetryTime 4
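The following audit sketch is an added example, not part of the product documentation: it reads saved "add ssl dtlsProfile" lines, applies the defaults and ranges listed above, and reports profiles that leave helloVerifyRequest or terminateSession at DISABLED. The function names, the sample lines, the case-insensitive option matching, and the baseline of requiring both options ENABLED are assumptions of this example.

```python
import shlex

# Defaults and ranges as documented on this page for "add ssl dtlsProfile".
DEFAULTS = {"pmtuDiscovery": "DISABLED", "maxRecordSize": "1459",
            "maxRetryTime": "3", "helloVerifyRequest": "DISABLED",
            "terminateSession": "DISABLED", "maxPacketSize": "120"}
RANGES = {"maxRecordSize": (250, 1459), "maxRetryTime": (0, None),
          "maxPacketSize": (0, 86400)}
KEYS = {k.lower(): k for k in DEFAULTS}  # assumption: option names are case-insensitive

# Constructed sample configuration lines, not taken from a real appliance.
SAMPLE = """\
add ssl dtlsProfile dtls1 -helloVerifyRequest ENABLED -maxRetryTime 4
add ssl dtlsProfile "vpn dtls" -helloVerifyRequest ENABLED -terminateSession ENABLED
add ssl dtlsProfile legacy -maxRecordSize 200 -maxPacketSize 100000
add lb vserver web HTTP 192.0.2.10 80
"""

def parse_profile(line):
    """Return (name, effective settings, problems), or None for other commands."""
    tok = shlex.split(line)  # honours quoted names that contain spaces
    if len(tok) < 4 or [t.lower() for t in tok[:3]] != ["add", "ssl", "dtlsprofile"]:
        return None
    name, settings, problems, rest = tok[3], dict(DEFAULTS), [], tok[4:]
    for opt, val in zip(rest[::2], rest[1::2] + [None]):
        key = KEYS.get(opt[1:].lower()) if opt.startswith("-") else None
        if key is None or val is None:
            problems.append(f"unknown or incomplete option {opt}")
        else:
            settings[key] = val if key in RANGES else val.upper()
    return name, settings, problems

def audit(config_text):
    """List (profile, finding) pairs; requiring both checks ENABLED is this example's baseline."""
    findings = []
    for parsed in filter(None, map(parse_profile, config_text.splitlines())):
        name, s, problems = parsed
        for key, (lo, hi) in RANGES.items():
            v = s[key]
            if not v.isdecimal() or int(v) < lo or (hi is not None and int(v) > hi):
                problems.append(f"{key}={v} is outside the documented range")
        if s["helloVerifyRequest"] != "ENABLED":
            problems.append("helloVerifyRequest is not ENABLED: clients are not validated")
        if s["terminateSession"] != "ENABLED":
            problems.append("terminateSession is not ENABLED: MAC mismatch does not end the session")
        findings.extend((name, p) for p in problems)
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Options omitted from a line are evaluated at their documented defaults, so a profile created with no options is reported for both checks.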

rm ssl dtlsProfile

Remove a DTLS profile from the NetScaler ADC.

Synopsis

rm ssl dtlsProfile <name>

Arguments

name

Name of the DTLS profile.

Example

rm ssl dtlsProfile <name>

set ssl dtlsProfile

Set or modify DTLS profile values.

Synopsis

set ssl dtlsProfile <name> [-pmtuDiscovery ( ENABLED | DISABLED )] [-maxRecordSize <positive_integer>] [-maxRetryTime <positive_integer>] [-helloVerifyRequest ( ENABLED | DISABLED )] [-terminateSession ( ENABLED | DISABLED )] [-maxPacketSize <positive_integer>]

Arguments

name

Name for the DTLS profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals sign (=), and hyphen (-) characters. Cannot be changed after the profile is created.

pmtuDiscovery

Source for the maximum record size value. If ENABLED, the value is taken from the PMTU table. If DISABLED, the value is taken from the profile.

Possible values: ENABLED, DISABLED

Default value: DISABLED

maxRecordSize

Maximum size of records that can be sent if PMTU discovery is disabled.

Default value: 1459

Minimum value: 250

Maximum value: 1459

maxRetryTime

Wait for the specified time, in seconds, before resending the request.

Default value: 3

Minimum value: 0

helloVerifyRequest

Send a Hello Verify request to validate the client.

Possible values: ENABLED, DISABLED

Default value: DISABLED

terminateSession

Terminate the session if the message authentication code (MAC) of the client and server do not match.

Possible values: ENABLED, DISABLED

Default value: DISABLED

maxPacketSize

Maximum number of packets to reassemble. This value helps protect against a fragmented packet attack.

Default value: 120

Minimum value: 0

Maximum value: 86400

Example

set ssl dtlsProfile <name> -helloVerifyRequest ENABLED -terminateSession ENABLED

unset ssl dtlsProfile

Use this command to remove ssl dtlsProfile settings. Refer to the set ssl dtlsProfile command for the meanings of the arguments.

Synopsis

unset ssl dtlsProfile <name> [-pmtuDiscovery] [-maxRecordSize] [-maxRetryTime] [-helloVerifyRequest] [-terminateSession] [-maxPacketSize]

show ssl dtlsProfile

Display all the configured DTLS profiles in the system. If a name is specified, then only that profile is shown.

Synopsis

show ssl dtlsProfile [<name>]

Arguments

name

Name of the DTLS profile.

Outputs

pmtuDiscovery

PMTU Discovery

maxRecordSize

Maximum record size

maxRetryTime

Maximum retry time

helloVerifyRequest

Hello Verify Request

terminateSession

Terminate Session

maxPacketSize

Maximum Packet Size

builtin

Flag indicating whether the DTLS profile is built-in.

devno

count

stateflag

Example

show ssl dtlsProfile [<name>]