CONFIG PROTOCOL SSL PROFILE PROXY CONFIG

Level

asq+modify

History

RevocCheckFailPolicy appears in 1.0.0
BadDomainPolicy appears in 2.0.0
AllowIpInSNI appears in 2.0.0

Description

Configure the ssl profile

Usage

index=<profile_index> [BindAddr=<binding ip addr>] [OnFailedPolicy=<block|nodecrypt>] [UntrustedCAPolicy=<block|pass|nodecrypt>] [SelfSignedCertifPolicy=<block|pass|filter>] [ValidityDatePolicy=<block|pass|filter>] [OnInvalidType=<block|pass|filter>] [FullTransparent=on|off] [ContentInspection=on|off] [OnInvalidName=<block|pass|filter>] [RevocCheckFailPolicy=<block|pass|filter>] [AllowIpInSNI=<on|off>] [BadDomainPolicy=<block|pass|filter>]
index : profile number
BindAddr : bind the source IP address
OnFailedPolicy : Block|Nodecrypt SSL policy for error cases
OnInvalidName : Block|Pass|Filter SSL policy for invalid name cases
UntrustedCAPolicy : Block|Pass|Nodecrypt SSL policy for untrusted CA
SelfSignedCertifPolicy : Block|Pass|Filter Auto signed certificate Policy
ValidityDatePolicy : Block|Pass|Filter Validity date Policy
RevocCheckFailPolicy : Block|Pass|Filter Revocation check fails policy
BadDomainPolicy : Block|Pass|Filter Certificate didn't match the requested domain
OnInvalidType : Block|Pass|Filter Certificate does not have a valid type
FullTransparent : Disable/enable full transparent mode
ContentInspection : Enable/disable content inspection, disable implies bypass inspection analysis
AllowIpInSNI : on/off Allow the use of IP in SNI (violation of RFC 6066)

Returns

Error code

Example

CONFIG PROTOCOL SSL PROFILE PROXY CONFIG index=1 OnFailedPolicy=block UntrustedCAPolicy=nodecrypt SelfSignedCertifPolicy=filter ValidityDatePolicy=block AllowIpInSNI=on