3.89. SSLInspectionProfile

Home Prev	cOS Stream 4.00.05 CLI Reference Guide	Next

Description

An SSL Inspection profile enables SSL/TLS traffic to be decrypted and inspected. The data can either be re-encrypted or sent as cleartext in order to offload the server.

Properties

Name: Specifies a symbolic name for the SSL Inspection profile. (Identifier)
AllowedCipherSuites: Acceptable cipher suites. (Default: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA)
MinTLSVersion: Minimum allowed TLS version. (Default: TLSv1.2)
ServerConnection: Specifies whether or not to encrypt traffic on the internal protected side. (Default: SSL/TLS)
ServerCertMatching: Specifies whether the server certificate should match the configured certificate. (Default: Strict)
DetectOpportunisticTLS: Enable scanning of client data to detect when plaintext communication is upgraded to TLS encrypted communication. (Default: No)
Comments: Text describing the current object. (Optional)

3.89.1. SSLServer

Description

An SSL server specifies how to identify the system to the client.

Properties

Name: Specifies a symbolic name for the SSL server. (Optional)
ServerNameIndication: A string against which the Server Name Indication (SNI) will be matched.
Certificate: The certificate and private key for the server.
IntermediateCerts: The intermediate certificates between the server certificate and the root certificate. (Optional)

	Note
	If no `Index` is specified when creating an instance of this type, the object will be placed last in the list and the `Index` will be equal to the length of the list.