Product Documentation

Differences between the Old and the New SSL Profile Infrastructure

Sep 01, 2016

 

Old Profile

New Profile

Ciphers and ECC Curves included in the profile

No

Yes

Inserting a cipher or cipher group in the middle of an existing list

Unbind all the ciphers and bind again in the order of the required priority.

 

Add a cipher and assign it a priority. If a priority is not specified, the cipher is assigned the lowest priority in the list.

 

Unbinding all the ciphers

> unbind ssl vserver <name> ciphername –ALL

unbind ssl profile –cipherName –FlushAllCiphers

(Release 11.0 build 64.x or later includes the FlushAllCiphers parameter for unbinding all the ciphers or cipher groups from a profile, because ALL is treated like a cipher group.)

State of SSLv3

n/a

Disabled on the default front-end profile (ns_default_ssl_profile_frontend).
Note: Before you enable this profile, SSLv3 is enabled globally. After enabling the profile, SSLv3 is disabled on the front-end default profile.