CHAPTER14 Security
Mediant 1000 Gateway & E-SBC | User's Manual
Parameter Description
■ [1] DTLSv1.0
■ [2] DTLSv1.2
For more information on WebRTC, see WebRTC.
Note: The parameter is applicable only to the SBC
application.
'Cipher Server'
ciphers-server
[TLSContexts_
ServerCipherString]
Defines the supported cipher suite for the TLS server (in
OpenSSL cipher list format).
For possible values and additional details, visit the OpenSSL
website at
https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.
The default is "DEFAULT". This default value is the
OpenSSL keyword for their recommended default cipher list,
which is determined at compile time and is normally
ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2.
'Cipher Client'
ciphers-client
[TLSContexts_
ClientCipherString]
Defines the supported cipher suite for TLS clients.
For possible values and additional details, visit the OpenSSL
website at
https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.
The default is "DEFAULT". This default value is the
OpenSSL keyword for their recommended default cipher list,
which is determined at compile time and is normally
ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2.
'Strict Certificate Extension
Validation'
require-strict-cert
[TLSContexts_
RequireStrictCert]
Enables the validation of the extensions (keyUsage and
extentedKeyUsage) of peer certificates. The validation
ensures that the signing CA is authorized to sign certificates
and that the end-entity certificate is authorized to negotiate a
secure TLS connection.
■ [0] Disable (default)
■ [1] Enable
'DH Key Size'
dh-key-size
[TLSContexts_DHKeySize]
Defines the Diffie-Hellman (DH) key size (in bits). DH is an
algorithm used chiefly for exchanging cryptography keys
used in symmetric encryption algorithms such as AES.
■ [1024] 1024 (default)
■ [2048] 2048
OCSP
'OCSP Server'
ocsp-server
[TLSContexts_OcspEnable]
Enables or disables certificate checking using OCSP.
■ [0] Disable (default)
■ [1] Enable
'Primary OCSP Server'
ocsp-server-primary
[TLSContexts_
OcspServerPrimary]
Defines the IP address (in dotted-decimal notation) of the
primary OCSP server.
The default is 0.0.0.0.
- 126 -
To Next Page
Loading...
