Brocade Communications Systems 12.4.00a User Manual
ServerIron ADX Security Guide
53-1002440-03
Advanced SSL profile configuration
Configuring a session cache timeout
By default, SSL sessions are held in the cache for 30 seconds. You can change how long a
session stays in the cache, as shown in the following example.
ServerIronADX(config)# ssl profile profile1
ServerIronADX(config-ssl-profile-profile1)# session-cache-timeout
Syntax: [no] session-cache-timeout <timeout-in-seconds>
The <timeout-in-seconds> variable can be set to a value between 20 and 86400 seconds. The
default value is 30 seconds.
Enabling SSL Version 2
By default, the ServerIronADX supports SSL version 3. You can enable SSL version 2 by
entering the following command under the SSL profile:
ServerIronADX(config)# ssl profile profile1
ServerIronADX(config-ssl-profile-profile1)# enable-ssl-v2
Syntax: [no] enable-ssl-v2
SSLv2 is disabled by default.
Enabling close notify
You can configure a ServerIronADX to send an alert before closing an SSL session, as shown in the
following example.
ServerIronADX(config)# ssl profile profile1
ServerIronADX(config-ssl-profile-profile1)# enable-close-notify
Syntax: [no] enable-close-notify
When this command is configured, the ServerIronADX will send an alert before closing an SSL
session. By default, a ServerIronADX does not send a close notify alert before closing an SSL
session.
Disabling certificate verification
You can configure a ServerIron ADX to disable certificate verification as shown in the following:
ServerIronADX(config)# ssl profile profile1
ServerIronADX(config-ssl-profile-profile1)# disable-certificate-checking
Syntax: [no] disable-certificate-checking
This command only applies to SSL proxy mode. When a ServerIron ADX is in SSL proxy mode, it acts
as a client for the backend server.
By default, if the server sends a certificate with the wrong information, the ServerIron ADX will
reject it. If this command is configured, the ServerIron ADX will accept an invalid certificate.
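An added example, not taken from the Brocade guide: a Python audit that reads a saved configuration and reports SSL profiles whose effective settings use the options described on this page. The configuration layout (settings indented under "ssl profile <name>", "!" as separator), the sample text and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample. The saved-config layout (settings indented under
# "ssl profile <name>", "!" as separator) is an assumption, not from the guide.
SAMPLE_CONFIG = """\
ssl profile profile1
 session-cache-timeout 600
 enable-ssl-v2
 no enable-ssl-v2
 enable-close-notify
!
ssl profile profile2
 session-cache-timeout 10
 disable-certificate-checking
 enable-ssl-v2
!
"""

TOGGLES = ("enable-ssl-v2", "enable-close-notify", "disable-certificate-checking")
CHECKS = [  # (finding, predicate over a profile's effective settings)
    ("SSLv2 enabled", lambda s: s["enable-ssl-v2"]),
    ("backend certificate verification disabled", lambda s: s["disable-certificate-checking"]),
    ("close notify alert not sent", lambda s: not s["enable-close-notify"]),
    ("session-cache-timeout outside 20-86400", lambda s: not 20 <= s["session-cache-timeout"] <= 86400),
]

def parse_profiles(text):
    """Return {profile: effective settings}, starting from the documented defaults."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ssl profile (\S+)", line)
        if m:
            current = profiles.setdefault(
                m.group(1), {"session-cache-timeout": 30, **dict.fromkeys(TOGGLES, False)})
        elif not line or line == "!":
            current = None
        elif current is not None:
            negated = line.startswith("no ")
            words = (line[3:] if negated else line).split()
            if words[0] in TOGGLES:
                current[words[0]] = not negated
            elif words[0] == "session-cache-timeout":
                current[words[0]] = 30 if negated or len(words) < 2 else int(words[1])
    return profiles

def audit(text):
    """List (profile, finding) pairs for settings a reviewer should question."""
    return [(name, msg) for name, s in parse_profiles(text).items()
            for msg, bad in CHECKS if bad(s)]
```

SSL version 2 is prohibited by RFC 6176, and with certificate checking disabled the proxy cannot authenticate the backend server, so those two findings deserve review first.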