Product Documentation

Appendix B: Default Front-End and Back-End SSL Profile Settings

Sep 01, 2016

A default front-end profile has the following settings:

> sh ssl profile ns_default_ssl_profile_frontend

1)Name: ns_default_ssl_profile_frontend

     Configuration for Front-End SSL profile

     DH: DISABLED

     Ephemeral RSA: ENABLED          Refresh Count: 0

     Session Reuse: ENABLED          Timeout: 120 seconds

     Non FIPS Ciphers: DISABLED

     Cipher Redirect: ENABLED   Redirect URL: http://10.102.28.212/redirect.html

     Client Auth: DISABLED

     SSL Redirect: DISABLED

     SNI: DISABLED

     SSLv3: DISABLED TLSv1.0: ENABLED  TLSv1.1: ENABLED  TLSv1.2: ENABLED

     Push Encryption Trigger: Always

     PUSH encryption trigger timeout:     1 ms

     Send Close-Notify: YES

     Push flag: 0x0 (Auto)

     Deny SSL Renegotiation          NO

     SSL quantum size:          8 kB

     Strict CA checks:          NO

     Encryption trigger timeout 100 mS

     Encryption trigger packet count:     45

     Use only bound CA certificates: DISABLED

     Subject/Issuer Name Insertion Format: Unicode

     Strict Host Header check for SNI enabled SSL sessions:          NO

 

     ECC Curve: P_256, P_384, P_521

 

1)   Cipher Name: AES     Priority :2

     Description: Predefined Cipher Alias

 

1)   Vserver Name: v1  >>>>>>>>>>

2)   Vserver Name: nshttps-::1l-443 >>>>>>>>>>

3)   Vserver Name: nsrpcs-::1l-3008

4)   Vserver Name: nskrpcs-127.0.0.1-3009

5)   Vserver Name: nshttps-127.0.0.1-443

6)   Vserver Name: nsrpcs-127.0.0.1-3008

Done

A default back-end profile has the following settings:

> sh ssl profile ns_default_ssl_profile_backend

1)Name: ns_default_ssl_profile_backend

     Configuration for Back-End SSL profile

     Session Reuse: ENABLED          Timeout: 300 seconds

     Non FIPS Ciphers: DISABLED

     Server Auth: DISABLED

     SSLv3: DISABLED TLSv1.0: ENABLED  TLSv1.1: DISABLED  TLSv1.2: DISABLED

     Push Encryption Trigger: Always

     PUSH encryption trigger timeout:     1 ms

     Send Close-Notify: YES

     Push flag: 0x0 (Auto)

     Deny SSL Renegotiation          ALL

     SSL quantum size:          8 kB

     Strict CA checks:          NO

     Encryption trigger timeout 100 mS

     Encryption trigger packet count:     45

     Use only bound CA certificates: DISABLED

 

     ECC Curve: P_256, P_224, P_521

 

1)   Cipher Name: AES     Priority :1

     Description: Predefined Cipher Alias

 

2)   Cipher Name: RC4     Priority :2

     Description: Predefined Cipher Alias

 

1)   Service Name: s2 >>>>>>>>>>>>

2)   Service Name: s1 >>>>>>>>>>>>

Done