You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Back to Table of Contents

Back to CLI Configure Mode

Back to Profiles - CLI

Back to Security - CLI

In this section:

Related articles:

Use DTLS Profile to configure various DTLS parameters attached to a SIP trunk group in support of WebRTC functionality.

Command Syntax

% set profiles security dtlsProfile <profile name> 
	CertName <cert name>
	cipherSuite1 <cipher suite> 
	cipherSuite2 <cipher suite> 
	cipherSuite3 <cipher suite>
	cookieExchange <disabled | enabled>
	dtlsRole <client | server>
	handshakeTimer <1-60 seconds> 
	hashType <md2 | md5 | sha1 | sha224 | sha256 | sha384 | sha512>
	sessionResumpTimer <0-86400>
	v1_0 <disabled | enabled>
    v1_1 <disabled | enabled>
    v1_2 <disabled | enabled>

 

Command Parameters

The DTLS Profile Parameters are as shown below:

DTLS Profile Parameters

Parameter

Length/Range

Description

dtlsProfile1-23<profile name> – Name of DTLS profile.

CertName

1-23

<profile name> – Name of the Certificate used by this DTLS profile (default = defaultDtlsSBCCert).

cipherSuite1

N/A

Use this parameter to specify the first TLS Cipher Suite choice for this profile (default = rsa-with-aes-128-cbc-sha).

See Table 2 on the page TLS for Signaling for the list of cipher suites.

cipherSuite2

N/A

Use this optional parameter to specify the second TLS Cipher Suite choice for this profile (default = nosuite).

See Table 2 on the page TLS for Signaling for the list of cipher suites.

cipherSuite3

N/A

Use this optional parameter to specify the third TLS Cipher Suite choice for this profile (default = nosuite).

See Table 2 on the page TLS for Signaling for the list of cipher suites.

cookieExchangeN/A

Use this flag to enable Cookie Exchange mechanism.

  • disabled
  • enabled (default)
dtlsRoleN/A

Specify DTLS role to use for this DTLS Profile.

  • client
  • server (default)

handshakeTimer

1-60

The time (in seconds) in which the DTLS handshake must be completed. The timer starts when the TCP connection is established. (default = 5)

hashTypeN/A

The allowed DTLS hash function for the specified DTLS Profile (default = sha1)

md2 | md5 | sha1 | sha224 | sha256 | sha384 | sha512

sessionResumpTimer

0-86400

The DTLS session resumption period (in seconds) for which cached sessions are retained. DTLS protocol allows successive connections to be created within one DTLS session (and the resumption of a session after a DTLS connection is closed or after a server card failover) without repeating the entire authentication and other setup steps for each connection, except when the space must be reclaimed for a new session. (default = 300)

v1_0N/A

DTLS protocol version 1.0 (see note below)

  • disabled
  • enabled (default)
v1_1N/A

DTLS protocol version 1.1 (see note below)

  • disabled  (default)
  • enabled
v1_2N/A

DTLS protocol version 1.2 (see note below)

  • disabled (default)
  • enabled

 

Command Examples

% show profiles security dtlsProfile defaultDtlsProfile
handshakeTimer     5;
sessionResumpTimer 300;
cipherSuite1       rsa-with-aes-128-cbc-sha;
dtlsRole           server;
hashType           sha1;
CertName           defaultDtlsSBCCert;
cookieExchange     enabled;
v1_0               enabled;
v1_1               disabled;
v1_2               disabled; 
  • No labels