Parameter | Length/Range | Description |
|---|
tlsProfileName
| 1-23 | Name assigned to this Transport Layer Security (TLS) profile. |
acceptableCertValidationErrors | N/A | Use this parameter to specify if certificate chain validation errors are acceptable while validating the peer certificate. invalidPurpose none (default)
|
allowedRoles
| N/A | Allowed TLS roles for this TLS profile. clientandserver – (default) Choose to select both a TLS client and server role, depending on the request direction. This is primarily for peering applications.server – The will only be a TLS server. This is primarily for access applications.
|
appAuthTimer
| 1-60 | The higher layer authentication timer in seconds. (default = 5). |
authClient
| N/A | Indicates whether or not a TLS client is forced to authenticate itself within TLS. If set to false, the client is not required to authenticate itself at the TLS layer, but must complete authentication within a higher-level protocol after the TLS connection is established (that is, SIP registration). |
cipherSuite1
| N/A | Use this parameter to specify the first TLS Cipher Suite choice for this profile. See Supported Cipher Suites table below for the list of cipher suites. |
cipherSuite2
| N/A | Use this optional parameter to specify the second TLS Cipher Suite choice for this profile. See Supported Cipher Suites table below for the list of cipher suites. |
cipherSuite3
| N/A | Use this optional parameter to specify the third TLS Cipher Suite choice for this profile. See Supported Cipher Suites table below for the list of cipher suites. |
clientCertName
| 1-23 | The name of the default Client Certificate to be used by this TLS profile, created using the SECURITY PKI configuration object. |
handshakeTimer
| 1-60 | The time (in seconds) in which the TLS handshake must be completed. The timer starts when the TCP connection is established. (default = 5) |
ocspProfileName | 1-23 | Name of OCSP profile object referenced by TLS profile. |
serverCertName
| 1-23 | Specifies the name of the Server Certificate to be used by this TLS profile, created using the SECURITY PKI configuration object. |
sessionResumpTimer
| 0-86400 | The TLS session resumption period (in seconds) for which cached sessions are retained. TLS allows successive connections to be created within one TLS session (and the resumption of a session after a TLS connection is closed or after a server card failover) without repeating the entire authentication and other setup steps for each connection, except when the space must be reclaimed for a new session. (default = 3600) |
suppressEmptyFragments | N/A | Enable flag to prevent the SBC from inserting empty fragments when sending packets on TLS over TCP connection in support of older versions of TLS implementation. disabled (default)
enabled
|
v1_0 | N/A | TLS protocol version 1.0 (see note below) disabled enabled (default)
|
v1_1 | N/A | TLS protocol version 1.1 (see note below) disabled (default)
enabled
|
v1_2 | N/A | TLS protocol version 1.2 (see note below) disabled (default)
enabled
|