You can configure only one EMA TLS Profile at any given time.
Note |
---|
You can configure up to three 20 client CA certifications (using separate 'set' commands) for an EMA TLS Profile. |
Warning |
---|
PC Java Configuration supports TLS 1.0 only by default. When you disable EmaTlsProfile v1_0, enable the corresponding Java Configuration for TLS support. See the example below for the Windows environment. |
Note |
---|
After configuring servercert and clientCACert in EmaTlsProfile, an appropriate value must be configured for clientAuthMethod in OAM > EMA to enable client SSL verification. |
To enable TLS support in Windows:
- Click Start and enter "Java Control Panel" in the Search field.
- Launch the Java Control Panel program.
- From the Java Control Panel, select the Advanced tab.
- Check both the "Use TLS 1.1" and "Use TLS 1.2" options under the Advanced Security Settings section, and click Apply.
- Restart your browser for the changes to take effect.
Command Syntax
```
% set profiles security EmaTlsProfile <EMA TLS profile name>
	ClientCaCert <CA certificate name>
	authClient <false | true>
	ocspProfileName <OCSP profile name>
	serverCertName <server certificate>
	v1_0 <disabled | enabled>
	v1_1 <disabled | enabled>
	v1_2 <disabled | enabled>
	ciphersuite <ciphersuite name>

% show profiles security EmaTlsProfile <EMA TLS profile name> ClientCaCert <CA certificate name>
% delete profiles security EmaTlsProfile <EMA TLS profile name> ClientCaCert <CA certificate name>
% show profiles security EmaTlsProfile <EMA TLS profile name> ciphersuite <ciphersuite name>
% delete profiles security EmaTlsProfile <EMA TLS profile name> ciphersuite <ciphersuite name>
```
Command Parameters
The EMA TLS Profile parameters are as shown below:
Parameter | Length/Range | Description |
---|---|---|
<EMA TLS Profile name> | 1-23 characters | The name of the EMA TLS Profile. Note: You can configure only one EMA TLS Profile at any given time. |
ClientCaCert | N/A | The name of the EMA-CA certificate associated with this EMA-TLS profile. |
authClient | N/A | Set flag to "true" to force the EMA-TLS client to authenticate itself within TLS. |
ocspProfileName | N/A | The name of the OCSP profile associated with this EMA-TLS profile. |
serverCertName | N/A | The name of the server certificate associated with this EMA-TLS profile. |
v1_0 | N/A | TLS protocol version 1.0 |
v1_1 | N/A | TLS protocol version 1.1 |
v1_2 | N/A | TLS protocol version 1.2 |
ciphersuite | N/A | The EMA TLS Ciphersuite choice for this profile. See Supported ciphersuites for the list of supported ciphersuites. |
The following 12 SSL ciphersuites are supported initially in this feature. This list may change in the future based on requirements.
Ciphersuite | OpenSSL representation | Version | Kx | Au | Enc | Mac | Used in SBC Common Criteria Mode |
---|---|---|---|---|---|---|---|
AES128-SHA | AES128-SHA | SSLv3 | RSA | RSA | AES(128) | SHA1 | Yes |
AES256-SHA | AES256-SHA | SSLv3 | RSA | RSA | AES(256) | SHA1 | Yes |
AES128-SHA256 | AES128-SHA256 | TLSv1.2 | RSA | RSA | AES(128) | SHA256 | Yes |
AES256-SHA256 | AES256-SHA256 | TLSv1.2 | RSA | RSA | AES(256) | SHA256 | Yes |
ECDHE-RSA-AES128-SHA | ECDHE-RSA-AES128-SHA | TLSv1 | ECDH | RSA | AES(128) | SHA1 | Yes |
ECDHE-RSA-AES128-SHA256 | ECDHE-RSA-AES128-SHA256 | TLSv1.2 | ECDH | RSA | AES(128) | SHA256 | No |
ECDHE-RSA-AES128-GCM-SHA256 | ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | ECDH | RSA | AESGCM(128) | AEAD | Yes |
ECDHE-RSA-AES256-SHA | ECDHE-RSA-AES256-SHA | TLSv1 | ECDH | RSA | AES(256) | SHA1 | No |
ECDHE-RSA-AES256-SHA384 | ECDHE-RSA-AES256-SHA384 | TLSv1.2 | ECDH | RSA | AES(256) | SHA384 | Yes |
ECDHE-RSA-AES256-GCM-SHA384 | ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | ECDH | RSA | AESGCM(256) | AEAD | Yes |
AES128-GCM-SHA256 | AES128-GCM-SHA256 | TLSv1.2 | RSA | RSA | AESGCM(128) | AEAD | Yes |
AES256-GCM-SHA384 | AES256-GCM-SHA384 | TLSv1.2 | RSA | RSA | AESGCM(256) | AEAD | Yes |
Command Example
```
% show profiles security EmaTlsProfile
EmaTlsProfile defaultEmaTlsProfile {
    authClient     true;
    serverCertName defaultSBCCert;
    v1_0           disabled;
    v1_1           disabled;
    v1_2           enabled;
    ciphersuite    AES128-GCM-SHA256
}
```
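The following is an added example, not part of the original page or of the product: a small Python audit that parses `show profiles security EmaTlsProfile` output and checks it against the Kx and Mac columns of the ciphersuite table above. The function names and the policy are assumptions (TLS 1.0 and 1.1 disabled, TLS 1.2 enabled, `authClient` true, ECDHE key exchange with an AEAD cipher preferred), and a setting missing from the output is reported rather than assumed safe.

```python
import re

# (key exchange, MAC) per ciphersuite, copied from the page's supported-suite table.
SUITES = {
    "AES128-SHA": ("RSA", "SHA1"), "AES256-SHA": ("RSA", "SHA1"),
    "AES128-SHA256": ("RSA", "SHA256"), "AES256-SHA256": ("RSA", "SHA256"),
    "AES128-GCM-SHA256": ("RSA", "AEAD"), "AES256-GCM-SHA384": ("RSA", "AEAD"),
    "ECDHE-RSA-AES128-SHA": ("ECDH", "SHA1"),
    "ECDHE-RSA-AES128-SHA256": ("ECDH", "SHA256"),
    "ECDHE-RSA-AES128-GCM-SHA256": ("ECDH", "AEAD"),
    "ECDHE-RSA-AES256-SHA": ("ECDH", "SHA1"),
    "ECDHE-RSA-AES256-SHA384": ("ECDH", "SHA384"),
    "ECDHE-RSA-AES256-GCM-SHA384": ("ECDH", "AEAD"),
}

def parse_profile(text):
    """Return (profile name, {setting: [values]}) parsed from 'show' output."""
    m = re.search(r"EmaTlsProfile\s+(\S+)\s*\{(.*?)\}", text, re.S)
    if not m:
        raise ValueError("no EmaTlsProfile block found")
    settings = {}
    for key, value in re.findall(r"(\w+)\s+([^\s;]+)\s*;?", m.group(2)):
        settings.setdefault(key, []).append(value)  # a key may repeat
    return m.group(1), settings

def audit(text):
    """Findings under the assumed policy (missing settings are flagged); [] means none."""
    name, s = parse_profile(text)
    findings = []
    for key, want in (("v1_0", "disabled"), ("v1_1", "disabled"),
                      ("v1_2", "enabled"), ("authClient", "true")):
        if s.get(key, ["unset"])[0] != want:
            findings.append(f"{name}: {key} should be {want}")
    for suite in s.get("ciphersuite", []):
        kx, mac = SUITES.get(suite, (None, None))
        if kx is None:
            findings.append(f"{name}: {suite} is not in the page's supported list")
            continue
        if kx != "ECDH":
            findings.append(f"{name}: {suite} uses RSA key exchange (no forward secrecy)")
        if mac != "AEAD":
            findings.append(f"{name}: {suite} uses CBC with an HMAC, not an AEAD mode")
    return findings

# Profile output as shown in the page's Command Example.
PAGE_EXAMPLE = ("EmaTlsProfile defaultEmaTlsProfile { authClient true; "
                "serverCertName defaultSBCCert; v1_0 disabled; v1_1 disabled; "
                "v1_2 enabled; ciphersuite AES128-GCM-SHA256 }")
if __name__ == "__main__":
    print("\n".join(audit(PAGE_EXAMPLE)) or "no findings")
```

Run against the page's own example profile, the audit reports one finding: AES128-GCM-SHA256 is listed with Kx RSA in the table, so it provides no forward secrecy.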