Configuring a session cache timeout, Enabling ssl version 2, Enabling close notify – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 185: Disabling certificate verification

ServerIron ADX Security Guide

171

53-1002440-03

Advanced SSL profile configuration

6

Configuring a session cache timeout

By default, SSL sessions are held in the cache for 30 seconds. You can change how long a
session stays in the cache, as shown in the following example.

ServerIronADX(config)# ssl profile profile1

ServerIronADX(config-ssl-profile-profile1)# session-cache-timeout

Syntax: [no] session-cache-timeout <timeout-in-seconds>

The <timeout-in-seconds> variable can be set to a value between 20 and 86400 seconds. The
default value is 30 seconds.

Enabling SSL Version 2

By default, the ServerIronADX supports SSL version 3. To enable SSL version 2, enter the
following command under the SSL profile:

ServerIronADX(config)# ssl profile profile1

ServerIronADX(config-ssl-profile-profile1)# enable-ssl-v2

Syntax: [no] enable-ssl-v2

SSLv2 is disabled by default.

Enabling close notify

You can configure a ServerIronADX to send an alert before closing an SSL session, as shown in the
following example.

ServerIronADX(config)# ssl profile profile1

ServerIronADX(config-ssl-profile-profile1)# enable-close-notify

Syntax: [no] enable-close-notify

When this command is configured, the ServerIronADX will send an alert before closing an SSL
session. By default, a ServerIronADX does not send a close notify alert before closing an SSL
session.

Disabling certificate verification

You can configure a ServerIron ADX to disable certificate verification as shown in the following:

ServerIronADX(config)# ssl profile profile1

ServerIronADX(config-ssl-profile-profile1)# disable-certificate-checking

Syntax: [no] disable-certificate-checking

This command only applies to SSL proxy mode. When a ServerIron ADX is in SSL proxy mode, it acts
as a client for the backend server.

By default, if the server sends a certificate with the wrong information, the ServerIron ADX will
reject it. If this command is configured, the ServerIron ADX will accept an invalid certificate.
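
The following is an added example, not part of the Brocade manual: a Python check that scans a saved configuration for SSL profiles that turn on enable-ssl-v2 or disable-certificate-checking, the two options this page describes as off by default, and for a session-cache-timeout outside the documented 20 to 86400 second range. The saved-config layout in the sample (indented sub-commands, "!" separators) is an assumption; only the command names come from the text above.

```python
import re

# Constructed sample: the saved-config layout (indented sub-commands, "!" separators)
# is an assumption; only the command names come from the manual text above.
SAMPLE_CONFIG = """\
ssl profile profile1
 session-cache-timeout 3600
 enable-ssl-v2
 enable-close-notify
!
ssl profile profile2
 disable-certificate-checking
!
ssl profile profile3
 no enable-ssl-v2
 session-cache-timeout 10
!
"""

# Options the manual documents as off by default and that weaken the connection.
RISKY = {
    "enable-ssl-v2": "SSLv2 enabled (off by default)",
    "disable-certificate-checking": "backend certificate verification disabled",
}

def audit_ssl_profiles(config_text):
    """Return {profile_name: [findings]} for every 'ssl profile' block."""
    findings, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ssl profile (\S+)", line)
        if m:
            current = m.group(1)
            findings[current] = []
        elif line == "!" or not raw.startswith((" ", "\t")):
            current = None  # left the profile block
        elif current is not None:
            if line in RISKY:  # a leading "no " negates the option, so it never matches
                findings[current].append(RISKY[line])
            t = re.fullmatch(r"session-cache-timeout (\d+)", line)
            if t and not 20 <= int(t.group(1)) <= 86400:
                findings[current].append(f"session-cache-timeout {t.group(1)} outside 20-86400")
    return findings

if __name__ == "__main__":
    for name, issues in audit_ssl_profiles(SAMPLE_CONFIG).items():
        print(name, "->", issues or "no findings")
```

Both flagged options matter for review: RFC 6176 prohibits negotiating SSL 2.0, and with certificate checking disabled the ServerIron ADX cannot authenticate the backend server it connects to in SSL proxy mode.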
