Red Lion IndustrialPr 6000 Router User Manual
Page 103
Software User Guide
103
Services Tab
Enable SSL: Select Yes to configure SSL client/server. Select No and then the Apply button to disable SSL.
Select Activity Log Level: This option controls the logging level for SSL Connection activity. The recommended setting
for a production environment is: Summary. For a test environment: Full.
Wait for Connection (sec.): Time (in seconds) allowed after sending SYN packets, to wait for SYN‐ACK. The recom‐
mended setting for this field is 20 seconds.
Idle Timeout (min): Time (in minutes) allowed for no traffic over an SSL connection, before closing down the link. The
recommended setting for this field is 720 (minutes).
Enable Advance Setup: Select Yes to modify advanced SSL options.
Bind Interface for accepting TCP Connections: This will restrict the unencrypted listening socket to allow connections
coming into the specified interface only. The recommended setting for this field is Any.
Bind Interface for outgoing SSL Connections: This will restrict the encrypted socket to initiate connections out the
specified interface only. Specifying an interface here may conflict with policy routing, however it may be required in a
GRE/VPN or other tunneled environment. Please consult with a network architect for additional assistance. The rec‐
ommended setting for this field is Any.
Ciphers: This field is a list of supported openssl ciphers. Please consult support staff before attempting to change
these values. Reference Google: “openssl cipher list” for more information. The recommended setting for this field is:
RC4‐MD5:RC5‐SHA:SSLv3
Select Certificate: Specifying a certificate in client mode will use this certificate chain as a client side certificate chain.
Using client side certs is optional. The certificates must be in PEM format, with an unencrypted key (not password pro‐
tected when generated). Use Admin‐>Certificate Manager to install/update certs.
Select Keep‐Alive behavior: This option enables TCP Keep‐alives on the underlying sockets. The following options are
supported: