An SSL default syntax policy defines a control or a data action to be performed on requests.
SSL policies can therefore be categorized as control policies and data
- Control policy. A control policy uses a control action, such as forcing client authentication.
release 10.5 or later, deny SSL renegotiation (denySSLReneg) is set, by
default, to ALL. However, control policies, such as CLIENTAUTH, trigger a
renegotiation handshake. If you use such policies, you must set denySSLReneg to
- Data policy. A data policy uses a data action, such as inserting some data into the request.
components of a policy are an expression and an action. The expression
identifies the requests on which the action is to be performed. SSL policies
use the default expression syntax or the classic expression syntax.
For information about expressions and how to configure them, see
configure a default syntax policy with a built-in action or a user-defined
action. You can configure a policy with a built-in action without creating a
separate action. However, to configure a policy with a user-defined action,
first configure the action and then configure the policy.
You can specify an additional action, called an UNDEF action, to be performed in the event that
applying the expression to a request has an undefined result.
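
The ordering described above (user-defined action first, then the policy, with an UNDEF action), shown as an added example that is not part of the original documentation. The names act_insert_cert, pol_insert_cert and vs_ssl_demo and the header name X-Client-Cert are constructed, and the virtual server is assumed to exist already with client authentication configured.

```netscaler
# 1. User-defined data action: insert the client certificate into the
#    request as an HTTP header (header name is a constructed example).
add ssl action act_insert_cert -clientCert ENABLED -certHeader "X-Client-Cert"

# 2. Data policy that references the action created in step 1.
#    -rule        default syntax expression selecting the requests to act on
#    -undefAction action taken when evaluating the rule has an undefined result;
#                 RESET fails closed, whereas NOOP would forward the request
#                 without the header
add ssl policy pol_insert_cert -rule "CLIENT.SSL.CLIENT_CERT.EXISTS" -action act_insert_cert -undefAction RESET

# 3. Bind the policy to an existing SSL virtual server (constructed name).
bind ssl vserver vs_ssl_demo -policyName pol_insert_cert -priority 10

# 4. Review the policy, including its action and UNDEF action.
show ssl policy pol_insert_cert
```

If a back-end application makes authorization decisions from the inserted header, choose the UNDEF action deliberately so that an evaluation error cannot deliver a request that lacks the header.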