| Add_docset_workflow |
|---|
| APPRJID | SBX-27890 |
|---|
| AUTH1 | bscoggins |
|---|
| DEV2 | kpatchamatla |
|---|
| DEV1 | rseth |
|---|
| LDEV1 | sgardell |
|---|
| SVT1 | rparampalli |
|---|
| LSVT1 | radaikalam |
|---|
| AUTHJID | SBX-27890 |
|---|
|
...
...
...
Back to Table of Contents
Back to CLI Configure Mode
Back to Profiles - CLI
Back to Security - CLI
...
...
...
...
...
...
Use DTLS Profile to configure various DTLS parameters attached to a SIP trunk group in support of WebRTC functionality.
Command Syntax
| Code Block |
|---|
|
% set profiles security dtlsProfile <profile name>
CertName <cert name>
cipherSuite1 <cipher suite>
cipherSuite2 <cipher suite>
cipherSuite3 <cipher suite>
cookieExchange <disabled | enabled>
dtlsRole <client | server>
handshakeTimer <1-60 seconds>
hashType <md2 | md5 | sha1 | sha224 | sha256 | sha384 | sha512>
sessionResumpTimer <0-86400>
v1_0 <disabled | enabled>
v1_1 <disabled | enabled>
v1_2 <disabled | enabled> |
Command Parameters
The DTLS Profile Parameters are as shown below:
| Caption |
|---|
| 0 | Table |
|---|
| 1 | DTLS Profile Parameters |
|---|
|
Parameter | Length/Range | Description |
|---|
dtlsProfile | 1-23 | <profile name> – Name of DTLS profile. | CertName
| 1-23 | <profile name> – Name of the Certificate used by this DTLS profile (default = defaultDtlsSBCCert).
| cipherSuite1
| N/A | Use this parameter to specify the first TLS Cipher Suite choice for this profile (default = rsa-with-aes-128-cbc-sha). See |
|
...
the table Supported DTLS Crypto Suites below for the list of cipher suites. | cipherSuite2
| N/A | Use this optional parameter to specify the second TLS Cipher Suite choice for this profile (default = nosuite). See |
|
...
the table Supported DTLS Crypto Suites below for the list of cipher suites. | cipherSuite3
| N/A | Use this optional parameter to specify the third TLS Cipher Suite choice for this profile (default = nosuite). See |
|
...
the table Supported DTLS Crypto Suites below for the list of cipher suites. | cookieExchange | N/A | Use this flag to enable Cookie Exchange mechanism. disabled enabled (default)
| dtlsRole | N/A | Specify DTLS role to use for this DTLS Profile. | handshakeTimer
| 1-60 | The time (in seconds) in which the DTLS handshake must be completed. The timer starts when the TCP connection is established. (default = 5) | hashType | N/A | The allowed DTLS hash function for the specified DTLS Profile (default = sha1) md2 | md5 | sha1 | sha224 | sha256 | sha384 | sha512
| sessionResumpTimer
| 0-86400 | The DTLS session resumption period (in seconds) for which cached sessions are retained. DTLS protocol allows successive connections to be created within one DTLS session (and the resumption of a session after a DTLS connection is closed or after a server card failover) without repeating the entire authentication and other setup steps for each connection, except when the space must be reclaimed for a new session. (default = 300) | v1_0 | N/A | DTLS protocol version 1.0 (see note below) disabled enabled (default)
| v1_1 | N/A | DTLS protocol version 1.1 (see note below) disabled (default)
enabled
| v1_2 | N/A | DTLS protocol version 1.2 (see note below) disabled (default)
enabled
|
|
| Anchor |
|---|
| Supported DTLS Crypto Suites |
|---|
| Supported DTLS Crypto Suites |
|---|
|
| Multiexcerpt include |
|---|
| MultiExcerptName | DTLS Crypto Suites Table |
|---|
| PageWithExcerpt | TLS for Signaling |
|---|
|
Command Examples
| Code Block |
|---|
|
% show profiles security dtlsProfile defaultDtlsProfile
handshakeTimer 5;
sessionResumpTimer 300;
cipherSuite1 rsa-with-aes-128-cbc-sha;
dtlsRole server;
hashType sha1;
CertName defaultDtlsSBCCert;
cookieExchange enabled;
v1_0 enabled;
v1_1 disabled;
v1_2 disabled; |