Cisco Packet Data Gateway (PDG)
ACS Ruledef Configuration Mode Commands
Command Line Interface Reference, StarOS Release 17
tls
This command configures the TLS/SSL Server Name Indication (SNI) and the corresponding custom defined protocol (CDP).
Product
ACS
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Ruledef Configuration
active-charging service service_name > ruledef ruledef_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-acs-ruledef)#
Syntax
[ no ] tls { set-app-proto cdp_name_string | sni operator server_name_string }
no
If previously configured, deletes the configuration in the current ruledef.
set-app-proto cdp_name_string
Specifies the name of the custom defined protocol (CDP) for TLS/SSL flows matching the ruledef.
cdp_name_string must be an alphanumeric string of 1 through 19 characters.
sni operator server_name_string
Specifies the TLS/SSL Server Name Indication (SNI) field value in the Client Hello packet.
operator: Specifies how to match and must be one of the following:
  !=: Does not equal
  =: Equals
  contains: Contains
  ends-with: Ends with
  starts-with: Starts with
server_name_string: Specifies the server name and must be an alphanumeric string of 1 through 127 characters.
Usage
Use this command to configure the TLS/SSL SNI and corresponding CDP. The CDP name for a TLS/SSL
flow must match a set of SNI rule lines in a multiline-and or multiline-or manner.
Example
The following command configures the SNI to facebook.com:
tls sni = facebook.com