Version 6.6 533 Mediant 2000
User's Manual 45. Configuration Parameters Reference
45.4.4 TLS Parameters
The Transport Layer Security (TLS) parameters are described in the table below.
TLS Parameters
Parameter Description
Web/EMS: TLS Version
[TLSVersion]
Determines the supported versions of SSL/TLS (Secure Socket
Layer/Transport Layer Security).
• [0] SSL 2.0-3.0 and TLS 1.0 = (Default) SSL 2.0, SSL 3.0, and TLS
1.0 are supported.
• [1] TLS 1.0 Only = only TLS 1.0 is used.
When set to 0, SSL/TLS handshakes always start with SSL 2.0 and
switch to TLS 1.0 if both peers support it. When set to 1, TLS 1.0 is the
only version supported; clients attempting to contact the device using
SSL 2.0 are rejected.
Note: For this parameter to take effect, a device reset is required.
Web: TLS Client Re-Handshake Interval
EMS: TLS Re Handshake Interval
[TLSReHandshakeInterval]
Defines the time interval (in minutes) between TLS Re-Handshakes
initiated by the device.
The interval range is 0 to 1,500 minutes. The default is 0 (i.e., no TLS
Re-Handshake).
Web: TLS Mutual Authentication
EMS: SIPS Require Client Certificate
[SIPSRequireClientCertificate]
Determines the device's behavior when acting as a server for TLS
connections.
• [0] Disable = (Default) The device does not request the client
certificate.
• [1] Enable = The device requires receipt and verification of the client
certificate to establish the TLS connection.
Notes:
• For this parameter to take effect, a device reset is required.
• The SIPS certificate files can be changed using the parameters
HTTPSCertFileName and HTTPSRootFileName.
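Added example (not part of the manual and not AudioCodes code): a Python script that audits a device ini file for the TLS parameters in this table, including PeerHostNameVerificationMode from the next entry, and treats an absent parameter as its documented default. The ini layout ("Name = value" lines, ";" comments), the case-insensitive name matching and the sample configuration are assumptions made for the example.

```python
# Added example: audit the TLS parameters of a device ini file (layout assumed:
# "Name = value" lines, ";" starts a comment, names matched case-insensitively).

# name -> (documented default, {value: finding}); an absent parameter takes its default
CHECKS = {
    # SSL 2.0 and SSL 3.0 are prohibited/deprecated by RFC 6176 and RFC 7568
    "TLSVersion": (0, {0: "SSL 2.0/3.0 accepted; handshakes start with SSL 2.0"}),
    "SIPSRequireClientCertificate": (0, {0: "client certificate is not requested"}),
    "PeerHostNameVerificationMode": (0, {0: "remote Subject Name is not verified"}),
}
REHANDSHAKE_RANGE = range(0, 1501)  # minutes; 0 means no re-handshake

def parse_ini(text):
    """Return {lowercased name: int} for the numeric 'Name = value' lines."""
    params = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if "=" not in line or line.startswith("["):
            continue                              # blank line or section header
        name, value = (part.strip() for part in line.split("=", 1))
        try:
            params[name.lower()] = int(value)
        except ValueError:
            pass                                  # non-numeric parameters are out of scope
    return params

def audit(text):
    """Return a list of (parameter, effective value, finding) tuples."""
    params, findings = parse_ini(text), []
    for name, (default, flagged) in CHECKS.items():
        value = params.get(name.lower(), default)
        if value in flagged:
            origin = "" if name.lower() in params else " [default, parameter absent]"
            findings.append((name, value, flagged[value] + origin))
    interval = params.get("tlsrehandshakeinterval", 0)
    if interval not in REHANDSHAKE_RANGE:
        findings.append(("TLSReHandshakeInterval", interval, "outside 0 to 1,500 minutes"))
    return findings

SAMPLE_INI = """\
; constructed sample, not taken from a real device
TLSVersion = 1
SIPSRequireClientCertificate = 0
TLSReHandshakeInterval = 2000
"""

if __name__ == "__main__":
    for name, value, finding in audit(SAMPLE_INI):
        print(f"{name} = {value}: {finding}")
```

TLSVersion and SIPSRequireClientCertificate take effect only after a device reset, so a corrected ini file should be re-audited against the running configuration after the reset.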
Web/EMS: Peer Host Name Verification Mode
[PeerHostNameVerificationMode]
Determines whether the device verifies the Subject Name of a remote
certificate when establishing TLS connections.
• [0] Disable (default).
• [1] Server Only = Verify Subject Name only when acting as a client
for the TLS connection.
• [2] Server & Client = Verify Subject Name when acting as a server or
client for the TLS connection.
When a remote certificate is received and this parameter is not disabled,
the value of SubjectAltName is compared with the list of available
Proxies. If a match is found for any of the configured Proxies, the TLS
connection is established.
The comparison is performed if the SubjectAltName is either a DNS
name (DNSName) or an IP address. If no match is found and the
SubjectAltName is marked as ‘critical’, the TLS connection is not
established. If DNSName is used, the certificate can also use wildcards
(‘*’) to replace parts of the domain name.
If the SubjectAltName is not marked as ‘critical’ and there is no match,
the CN value of the SubjectName field is compared with the parameter