User's Manual 1040 Document #: LTRT-27055
Mediant 1000B Gateway & E-SBC
Table 65-25: TLS Parameters
Parameter Description
TLS Contexts Table
TLS Contexts
configure system > tls #
[TLSContexts]
Defines SSL/TLS certificates.
The format of the ini file table parameter is as follows:
[ TLSContexts ]
TLSContexts_Index = TLSContexts_Name,
TLSContexts_TLSVersion, TLSContexts_DTLSVersion,
TLSContexts_ServerCipherString,
TLSContexts_ClientCipherString, TLSContexts_RequireStrictCert,
TLSContexts_OcspEnable, TLSContexts_OcspServerPrimary,
TLSContexts_OcspServerSecondary,
TLSContexts_OcspServerPort,
TLSContexts_OcspDefaultResponse, TLSContexts_DHKeySize;
[ \TLSContexts ]
For more information, see ''Configuring TLS Certificate Contexts''
on page 109.
TLS Client Re-Handshake
Interval
configure network/security-
settings/tls-re-hndshk-int
[TLSReHandshakeInterval]
Defines the time interval (in minutes) between TLS Re-
Handshakes initiated by the device.
The interval range is 0 to 1,500 minutes. The default is 0 (i.e., no
TLS Re-Handshake).
TLS Mutual Authentication
[SIPSRequireClientCertificate]
Defines the device's mode of operation regarding mutual
authentication and certificate verification for TLS connections.
[0] Disable = (Default)
Device acts as a client: Verification of the server’s
certificate depends on the VerifyServerCertificate
parameter.
Device acts as a server: The device does not request the
client certificate.
[1] Enable =
Device acts as a client: Verification of the server certificate
is required to establish the TLS connection.
Device acts as a server: The device requires the receipt
and verification of the client certificate to establish the TLS
connection.
Note:
For the parameter to take effect, a device reset is required.
This feature can be configured per SIP Interface (see
''Configuring SIP Interfaces'' on page 345).
The SIPS certificate files can be changed using the
parameters HTTPSCertFileName and HTTPSRootFileName.
Peer Host Name Verification
Mode
[PeerHostNameVerificationMode]
Enables the device to verify the Subject Name of a TLS certificate
received from SIP entities for authentication and establishing TLS
connections.
[0] Disable (default).
[1] Server Only = Verify Subject Name only when acting as a
client for the TLS connection.
[2] Server & Client = Verify Subject Name when acting as a
server or client for the TLS connection.
If the device receives a certificate from a SIP entity (IP Group)
To Next Page
Loading...
