Citrix Systems 9.2 Benutzerhandbuch

Chapter 7 Advanced Expressions: Parsing SSL Certificates

143

Prefixes for Numeric Data in SSL Certificates

The following table describes prefixes that evaluate numeric data other than dates
in SSL certificates. These prefixes can be used with the operations that are
described in

“Basic Operations on Expression Prefixes,” on page 44

and

“Compound Operations for Numbers,” on page 48

Note:

For expressions related to expiration dates in a certificate, see

“Expressions for SSL Certificate Dates,” on page 101

Expressions for SSL Certificates

You can parse SSL certificates by configuring expressions that use the following
prefix:

CLIENT.SSL.CIPHER_NAME

Returns the name of the SSL Cipher if invoked
from an SSL connection, and a NULL string if
invoked from a non-SSL connection.

CLIENT.SSL.IS_SSL

Returns a Boolean TRUE if the current connection
is SSL-based.

Prefixes That Return Text or Boolean Values for SSL and Client Certificate Data

Prefix

Description

Prefixes That Evaluate Numeric Data Other Than Dates in SSL Certificates

Prefix

Description

CLIENT.SSL.CLIENT_CERT.

DAYS_TO_EXPIRE

Returns the number of days that the certificate is
valid, or returns -1 for expired certificates.

CLIENT.SSL.CLIENT_CERT.

PK_SIZE

Returns the size of the public key used in the
certificate.

CLIENT.SSL.CLIENT_CERT.

VERSION

Returns the version number of the certificate. If the
connection is not SSL-based, returns zero (0).

CLIENT.SSL.CIPHER_BITS

Returns the number of bits in the cryptograhic key.
Returns 0 if the connection is not SSL based.

CLIENT.SSL.VERSION

Returns a number that represents the SSL protocol
version, as follows:

• 0. The transaction is not SSL based.
• 0x002. The transaction is SSLv2.
• 0x300. The transaction is SSLv3.
• 0x301. The transaction is TLSv1.