Integrated SSL Scanning
Page 12 Finjan proprietary and confidential
Figure 5 - HTTPS Configuration
4.1 HTTPS Configurable Parameters
System administrators can configure the following HTTPS-related
parameters.
4.1.1 HTTP Service
The following parameters can be configured by the administrator:
Listening IP: For better system security, it is recommended to
set the listening IP address to the IP address of the corresponding
physical interface.
Listening Port: When working in explicit mode (proxy mode), this is the
port number for the HTTPS scanning service.
4.1.2 Advanced
The following parameters can be configured by the administrator:
Allow SSLv2: Enables support for the SSLv2 protocol. This option is
disabled by default. This protocol is non-secure and should not be
used unless there are compatibility problems.
Allow SSLv3: Enables support for the SSLv3 protocol. This option is
enabled by default.
Allow TLSv1: Enables support for the TLSv1 protocol. This option is
enabled by default.
Use Diffie-Hellman: Enables the use of Diffie-Hellman as the key
exchange mechanism between the client and the proxy. This is
enabled by default.
Allow Weak Cipher Suites: Allows the choice of weak (non-secure)
cipher suites while performing an SSL handshake between Vital
Security and the HTTPS server. This option is disabled by default.
Allow Certificate Wildcards: Allows support for Certificate Wildcards.
The Certificate Wildcard works in conjunction with an existing
Certificate Validation rule. Wildcard support is therefore relevant
only when a policy contains a Certificate Validation rule.
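
What a certificate validation rule has to decide once wildcards are allowed, shown as an added example (not Finjan's code and not taken from the original document). It assumes RFC 6125-style matching, with partial wildcards such as "w*" refused as a stricter choice; hostname_matches, evaluate and allow_wildcards are hypothetical names, and the sample host names are constructed.

```python
# Added example: wildcard-aware host name matching (RFC 6125-style rules).
# `allow_wildcards` mirrors the "Allow Certificate Wildcards" option; the
# function names and matching rules are assumptions, not the product's code.

def hostname_matches(cert_name, host, allow_wildcards=False):
    """Return True if `host` is covered by the certificate name `cert_name`."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")

    if "*" not in cert_name:
        return cert_labels == host_labels   # exact, case-insensitive match
    if not allow_wildcards:
        return False                        # wildcard names rejected outright

    # Accept only a lone "*" as the entire left-most label (no "w*", "a.*.b").
    if cert_labels[0] != "*" or any("*" in label for label in cert_labels[1:]):
        return False
    # Require at least two fixed labels so "*.com" can never match.
    if len(cert_labels) < 3:
        return False
    # "*" stands for exactly one non-empty label: same depth, same suffix.
    if len(host_labels) != len(cert_labels) or not host_labels[0]:
        return False
    return host_labels[1:] == cert_labels[1:]


# Constructed sample pairs: (name in certificate, host the client requested).
SAMPLES = [
    ("*.example.com", "www.example.com"),    # one label under the wildcard
    ("*.example.com", "example.com"),        # bare domain is not covered
    ("*.example.com", "a.b.example.com"),    # two labels deep is not covered
    ("*.com", "example.com"),                # wildcard too broad
    ("w*.example.com", "www.example.com"),   # partial wildcard refused here
    ("www.example.com", "WWW.Example.COM"),  # exact match, case-insensitive
]


def evaluate(allow_wildcards):
    """Match every sample pair under the given wildcard setting."""
    return [hostname_matches(c, h, allow_wildcards) for c, h in SAMPLES]


if __name__ == "__main__":
    for setting in (False, True):
        print("allow_wildcards =", setting, evaluate(setting))
```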