CONFIG PROTOCOL SSL PROFILE PROXY CONFIG

Level

asq,modify

History

RevocCheckFailPolicy appears in 1.0.0
BadDomainPolicy appears in 2.0.0
AllowIpInSNI appears in 2.0.0
OnEmptyALPN appears in 4.4.0

Description

Configure the SSL profile.

Usage

index=<profile_index> [BindAddr=<binding ip addr>] [OnFailedPolicy=<block|nodecrypt>] [UntrustedCAPolicy=<block|pass|nodecrypt>] [SelfSignedCertifPolicy=<block|pass|filter>] [ValidityDatePolicy=<block|pass|filter>] [OnInvalidType=<block|pass|filter>] [FullTransparent=<on|off>] [ContentInspection=<on|off>] [OnInvalidName=<block|pass|filter>] [RevocCheckFailPolicy=<block|pass|filter>] [AllowIpInSNI=<on|off>] [BadDomainPolicy=<block|pass|filter>] [OnEmptyALPNPolicy=<block|legacy>]
index : profile number
BindAddr : bind the source IP address
OnFailedPolicy : Block|Nodecrypt SSL policy for error cases
OnInvalidName : Block|Pass|Filter SSL policy for invalid name cases
UntrustedCAPolicy : Block|Pass|Nodecrypt SSL policy for untrusted CA
SelfSignedCertifPolicy : Block|Pass|Filter Self-signed certificate policy
ValidityDatePolicy : Block|Pass|Filter Validity date Policy
RevocCheckFailPolicy : Block|Pass|Filter Policy applied when the revocation check fails
BadDomainPolicy : Block|Pass|Filter Policy applied when the certificate does not match the requested domain
OnInvalidType : Block|Pass|Filter Certificate does not have a valid type
FullTransparent : Disable/enable full transparent mode
ContentInspection : Enable/disable content inspection; disabling it bypasses inspection analysis
AllowIpInSNI : on/off Allow the use of an IP address in SNI (violation of RFC 6066)
OnEmptyALPNPolicy : Block|Legacy If the ALPN field is empty after filtering, either block the connection or continue without the ALPN extension (legacy mode)
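
Added example (not part of the vendor documentation): a small Python linter that checks an argument string for this command against the Usage line above and reports unknown tokens, values outside the listed choices, and permissive settings. The function name, the case-insensitive value comparison, and the choice to treat "pass" as permissive are assumptions; the page does not define what each value does.

```python
import shlex

# Allowed values per token, transcribed from the Usage line on this page.
ALLOWED = {
    "OnFailedPolicy": {"block", "nodecrypt"},
    "UntrustedCAPolicy": {"block", "pass", "nodecrypt"},
    "SelfSignedCertifPolicy": {"block", "pass", "filter"},
    "ValidityDatePolicy": {"block", "pass", "filter"},
    "OnInvalidType": {"block", "pass", "filter"},
    "OnInvalidName": {"block", "pass", "filter"},
    "RevocCheckFailPolicy": {"block", "pass", "filter"},
    "BadDomainPolicy": {"block", "pass", "filter"},
    "OnEmptyALPNPolicy": {"block", "legacy"},
    "FullTransparent": {"on", "off"},
    "ContentInspection": {"on", "off"},
    "AllowIpInSNI": {"on", "off"},
}
FREE_FORM = {"index", "BindAddr"}  # values not enumerated in the usage line

# Assumption: these settings deserve review (RFC 6066 violation, inspection bypass).
REVIEW = {("AllowIpInSNI", "on"), ("ContentInspection", "off")}


def lint(args: str) -> list[str]:
    """Return findings for one argument string (tokens are key=value)."""
    findings, seen = [], set()
    for token in shlex.split(args):
        key, sep, value = token.partition("=")
        if not sep:
            findings.append(f"malformed token: {token}")
            continue
        if key in seen:
            findings.append(f"duplicate token: {key}")
        seen.add(key)
        if key in FREE_FORM:
            continue
        if key not in ALLOWED:
            findings.append(f"unknown token: {key}")
        elif value.lower() not in ALLOWED[key]:
            findings.append(f"invalid value: {key}={value}")
        elif value.lower() == "pass" or (key, value.lower()) in REVIEW:
            findings.append(f"permissive: {key}={value}")
    if "index" not in seen:
        findings.append("missing required token: index")
    return findings


# Constructed sample input, not taken from a real appliance.
SAMPLE = "index=1 UntrustedCAPolicy=pass AllowIpInSNI=on OnEmptyALPN=block BadDomainPolicy=allow"
```

Calling lint(SAMPLE) flags the two permissive settings, the token name that does not appear in the Usage line, and the value outside the listed choices.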