Excerpt |
---|
Defines a TLS Profile Table to be used in a SIP Signaling Group. |
Parameter Name | Required | Service Affecting | Data Type | Default Value | Possible Values | Description |
---|---|---|---|---|---|---|
Description | No | No | string | none | 64 - Max Length | Description of the profile |
TLSVersion | Yes | Yes | Enum | 2 | Possible values: | Defines the TLS protocol version. By default, the system accepts all TLS protocol versions up to 1.2. The SBC, acting as a client, initiates the highest supported version, which is TLS 1.2. |
HandshakeTimeout | Yes | Yes | int | 10 | Possible values: | Specifies the inactivity timeout interval for SIP TLS client and server handshakes. After a long period of inactivity between TLS handshake messages, this timeout abnormally terminates the TLS handshake session (with an error). The recommended setting is a maximum of 30 seconds, to allow for network congestion. |
MutualAuth | Yes | No | int | 1 | Possible values: | Specifies whether mutual TLS authentication is used in the SIP TLS server handshake. Enabling it turns on the mutual authentication request and verification of the SIP peer's client certificate. |
VerifyPeersCertificate | Yes | No | int | 1 | Possible values: | Specifies whether the identity of the received SIP peer server certificate is verified during the SIP TLS client handshake. Enabling it turns on verification of the SIP peer's server certificate. |
ClientCipherSequence | Yes | No | string | 10,9,6,5,7,4,3,1,0,2 | 32 - Max Length | Set of cipher suites, given as a comma-separated string in order of preference, used for security parameter negotiation with the remote system. Enumeration List: |
ValidateClientFQDN | Yes | No | int | 1 | Possible values: | If enabled, runs a reverse DNS lookup to verify the peer's FQDN. |
ValidateServerFQDN | Yes | No | Enum | 1 | Possible values: | If enabled, validates the configured SIP Server host FQDN against the peer's FQDN. |
ClientCertificate | Yes | No | int | 1 | Possible values: | Identifies the client certificate to be used for the TLS connection. |
ServerCertificate | No | No | int | 1 | Possible values: | Identifies the server certificate to be used for the TLS connection. As of release 10.0, the same certificate is used for both client and server TLS connections: the value of the Client Certificate is always used as the Server Certificate value. |
FallbackCompatibleMode | Yes | No | Enum | 0 | Possible values: | If enabled, SSLv2 and SSLv3 variants to TLS 1.0 will be negotiated, for use when compatibility with the peer is important. |