Parameter | Description |
---|---|
Name | Specifies the name of the DTLS profile. The name can be up to 23 characters long. |
Handshake Timer | Specifies the time in which the DTLS handshake must be completed. The timer starts when the TCP connection is established. Must be 1 - 60 seconds; default is 5. |
Session Resump Timer | Specifies the DTLS session resumption period, in seconds, for which cached sessions are retained. DTLS allows successive connections to be created within one DTLS session, and allows a session to be resumed after a DTLS connection is closed or after a server card failover, without repeating the entire authentication and other setup steps for each connection. Cached sessions are retained for this period except when the space must be reclaimed for a new session. Must be 0 - 86,400 seconds; default is 300. |
Cipher Suite1 | Use this parameter to specify the first DTLS Cipher Suite choice for this profile. Options: nosuite; rsa-with-3des-ede-cbc-sha – Authentication mechanism in the DTLS Handshake protocol; rsa-with-aes-128-cbc-sha (default) – Confidentiality cipher and mode for the DTLS Record protocol; rsa-with-aes-128-cbc-sha-256 – Confidentiality cipher and mode for the DTLS Record protocol with SHA-256 as the hash function; rsa-with-aes-256-cbc-sha – Confidentiality cipher and mode for the DTLS Record protocol with AES 256 encryption; rsa-with-aes-256-cbc-sha-256 * – Confidentiality cipher and mode for the DTLS Record protocol with AES 256 encryption and SHA-256 as the hash function; rsa-with-null-sha – The integrity cipher used for the DTLS Record protocol; tls_ecdh_ecdsa_with_aes_256_cbc_sha384 ** – Confidentiality cipher and mode for DTLS Record with AES256 GCM and SHA384 as hash function; tls_ecdh_ecdsa_with_aes_256_gcm_sha384 ** – Confidentiality cipher and mode for DTLS Record with AES256 CBC and SHA384 as hash function; tls_ecdhe_rsa_with_aes_256_cbc_sha384 * – Confidentiality cipher and mode for the DTLS Record protocol using ECDHE (Elliptic Curve Diffie-Hellman key Exchange); tls_ecdhe_rsa_with_aes_128_cbc_sha – Confidentiality cipher and mode for the DTLS Record protocol using ECDHE (Elliptic Curve Diffie-Hellman key Exchange) with AES128 CBC and SHA as hash function. Notes: * To use this cipher, DTLS version 1.2 must be enabled in the DTLS Profile. ** To use this cipher, DTLS version 1.2 must be enabled in the DTLS Profile and SSL certificates must be created using ECC keys. Warning: When fips-140-2 mode is enabled, rsa-with-null-sha should not be used. |
Cipher Suite2 | Use this parameter to specify the second DTLS Cipher Suite choice for this profile. Options: nosuite (default); rsa-with-3des-ede-cbc-sha – Authentication mechanism in the DTLS Handshake protocol; rsa-with-aes-128-cbc-sha (default) – Confidentiality cipher and mode for the DTLS Record protocol; rsa-with-aes-128-cbc-sha-256 – Confidentiality cipher and mode for the DTLS Record protocol with SHA-256 as the hash function; rsa-with-aes-256-cbc-sha – Confidentiality cipher and mode for the DTLS Record protocol with AES 256 encryption; rsa-with-aes-256-cbc-sha-256 * – Confidentiality cipher and mode for the DTLS Record protocol with AES 256 encryption and SHA-256 as the hash function; rsa-with-null-sha – The integrity cipher used for the DTLS Record protocol; tls_ecdh_ecdsa_with_aes_256_cbc_sha384 ** – Confidentiality cipher and mode for DTLS Record with AES256 GCM and SHA384 as hash function; tls_ecdh_ecdsa_with_aes_256_gcm_sha384 ** – Confidentiality cipher and mode for DTLS Record with AES256 CBC and SHA384 as hash function; tls_ecdhe_rsa_with_aes_256_cbc_sha384 * – Confidentiality cipher and mode for the DTLS Record protocol using ECDHE (Elliptic Curve Diffie-Hellman key Exchange); tls_ecdhe_rsa_with_aes_128_cbc_sha – Confidentiality cipher and mode for the DTLS Record protocol using ECDHE (Elliptic Curve Diffie-Hellman key Exchange) with AES128 CBC and SHA as hash function. Notes: * To use this cipher, DTLS version 1.2 must be enabled in the DTLS Profile. ** To use this cipher, DTLS version 1.2 must be enabled in the DTLS Profile and SSL certificates must be created using ECC keys. Warning: When fips-140-2 mode is enabled, rsa-with-null-sha should not be used. |
Cipher Suite3 | Use this parameter to specify the third DTLS Cipher Suite choice for this profile. Options: nosuite (default); rsa-with-3des-ede-cbc-sha – Authentication mechanism in the DTLS Handshake protocol; rsa-with-aes-128-cbc-sha (default) – Confidentiality cipher and mode for the DTLS Record protocol; rsa-with-aes-128-cbc-sha-256 – Confidentiality cipher and mode for the DTLS Record protocol with SHA-256 as the hash function; rsa-with-aes-256-cbc-sha – Confidentiality cipher and mode for the DTLS Record protocol with AES 256 encryption; rsa-with-aes-256-cbc-sha-256 * – Confidentiality cipher and mode for the DTLS Record protocol with AES 256 encryption and SHA-256 as the hash function; rsa-with-null-sha – The integrity cipher used for the DTLS Record protocol; tls_ecdh_ecdsa_with_aes_256_cbc_sha384 ** – Confidentiality cipher and mode for DTLS Record with AES256 GCM and SHA384 as hash function; tls_ecdh_ecdsa_with_aes_256_gcm_sha384 ** – Confidentiality cipher and mode for DTLS Record with AES256 CBC and SHA384 as hash function; tls_ecdhe_rsa_with_aes_256_cbc_sha384 * – Confidentiality cipher and mode for the DTLS Record protocol using ECDHE (Elliptic Curve Diffie-Hellman key Exchange); tls_ecdhe_rsa_with_aes_128_cbc_sha – Confidentiality cipher and mode for the DTLS Record protocol using ECDHE (Elliptic Curve Diffie-Hellman key Exchange) with AES128 CBC and SHA as hash function. Notes: * To use this cipher, DTLS version 1.2 must be enabled in the DTLS Profile. ** To use this cipher, DTLS version 1.2 must be enabled in the DTLS Profile and SSL certificates must be created using ECC keys. Warning: When fips-140-2 mode is enabled, rsa-with-null-sha should not be used. |
Dtls Role | Specifies the allowed DTLS roles of this DTLS profile. The options are: |
Hash Type | Specifies the allowed DTLS hash function for a specified DTLS profile. The options are: Md2, Md5, Sha1 (default), Sha224, Sha256, Sha384, Sha512. |
Cert Name | Specifies the name of the certificate referred to by a specified DTLS profile. The default value is defaultDtlsSBCCert. |
Cookie Exchange | Specifies whether cookie exchange is enabled or disabled. The options are: disabled, enabled (default). |
V1_0 | DTLS protocol version 1.0. The options are: disabled, enabled (default). |
V1_1 | DTLS protocol version 1.1. The options are: disabled (default), enabled. |
V1_2 | DTLS protocol version 1.2. The options are: disabled (default), enabled. |
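
The constraints stated in the table (value ranges, the * and ** cipher prerequisites, and the fips-140-2 warning) can be checked mechanically before a profile is applied. The following Python check is an added example, not vendor code; the dictionary keys (`handshake_timer`, `cert_uses_ecc_key`, `fips_140_2`, and so on) and both sample profiles are assumptions made for illustration.

```python
# Added example: checks a DTLS profile against the constraints in the table above.
# Dictionary keys are hypothetical names, not the product's CLI or API fields.

NEEDS_V1_2 = {  # ciphers marked * or ** in the table
    "rsa-with-aes-256-cbc-sha-256",
    "tls_ecdhe_rsa_with_aes_256_cbc_sha384",
    "tls_ecdh_ecdsa_with_aes_256_cbc_sha384",
    "tls_ecdh_ecdsa_with_aes_256_gcm_sha384",
}
NEEDS_ECC_CERT = {  # ciphers marked ** in the table
    "tls_ecdh_ecdsa_with_aes_256_cbc_sha384",
    "tls_ecdh_ecdsa_with_aes_256_gcm_sha384",
}

def check_profile(p):
    """Return a list of findings; an empty list means no constraint is violated."""
    findings = []
    if len(p["name"]) > 23:
        findings.append("name: longer than 23 characters")
    if not 1 <= p["handshake_timer"] <= 60:
        findings.append("handshake_timer: outside 1-60 seconds")
    if not 0 <= p["session_resump_timer"] <= 86400:
        findings.append("session_resump_timer: outside 0-86400 seconds")
    for suite in p["cipher_suites"]:
        if suite in NEEDS_V1_2 and not p["v1_2"]:
            findings.append(f"{suite}: requires V1_2 enabled")
        if suite in NEEDS_ECC_CERT and not p["cert_uses_ecc_key"]:
            findings.append(f"{suite}: requires a certificate created with ECC keys")
        if suite == "rsa-with-null-sha" and p["fips_140_2"]:
            findings.append(f"{suite}: should not be used in fips-140-2 mode")
    return findings

# Constructed sample using the table's default values (profile name is made up).
DEFAULTS = {
    "name": "sample-profile", "handshake_timer": 5, "session_resump_timer": 300,
    "cipher_suites": ["rsa-with-aes-128-cbc-sha", "nosuite", "nosuite"],
    "v1_2": False, "cert_uses_ecc_key": False, "fips_140_2": False,
}
# Constructed sample that violates several constraints at once.
BAD = dict(
    DEFAULTS, name="x" * 24, handshake_timer=90, fips_140_2=True,
    cipher_suites=["tls_ecdh_ecdsa_with_aes_256_gcm_sha384", "rsa-with-null-sha", "nosuite"],
)

if __name__ == "__main__":
    for finding in check_profile(BAD):
        print(finding)
```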