Product Documentation

Configuring an SSL Default Syntax Policy

Sep 01, 2016
An SSL default syntax policy defines a control or a data action to be performed on requests. SSL policies can therefore be categorized as control policies and data policies:
  • Control policy. A control policy uses a control action, such as forcing client authentication.
    Note: In release 10.5 or later, deny SSL renegotiation (denySSLReneg) is set, by default, to ALL. However, control policies, such as CLIENTAUTH, trigger a renegotiation handshake. If you use such policies, you must set denySSLReneg to NO.
  • Data policy. A data policy uses a data action, such as inserting some data into the request.

The essential components of a policy are an expression and an action. The expression identifies the requests on which the action is to be performed. SSL policies use the default expression syntax or the classic expression syntax. For information about expressions and how to configure them, see .

You can configure a default syntax policy with a built-in action or a user-defined action. You can configure a policy with a built-in action without creating a separate action. However, to configure a policy with a user-defined action, first configure the action and then configure the policy.

You can specify an additional action, called an UNDEF action, to be performed in the event that applying the expression to a request has an undefined result.

To configure an SSL default syntax policy by using the command line interface

At the command prompt, type:

add ssl policy <name> -rule <expression> -Action <string> [-undefAction <string>] [-comment <string>]

To configure an SSL default syntax policy by using the configuration utility

Navigate to Traffic Management > SSL > Policies and, on the Polices tab, click Add.