SSL/TLS
Overview
When SSL/TLS is configured, data is encrypted between the IOLAN and the host/device (which must also support SSL/TLS). When you configure the SSL/TLS settings in the System section, you are configuring the default global SSL/TLS settings; you are not configuring an SSL/TLS server.
Functionality
You can create an encrypted connection using SSL/TLS for the following profiles: TruePort, TCP Sockets, Terminal (the user’s Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem, and Modbus.
When configuring SSL/TLS, the following configuration options are available:
• You can set up the IOLAN to act as an SSL/TLS client or server.
• There is an extensive selection of SSL/TLS ciphers that you can configure for your SSL/TLS connection; see Appendix B, SSL/TLS Ciphers for a list of SSL/TLS ciphers.
• You can enable peer certificate validation, for which you must supply the validation criteria that were used when creating the peer certificate (this is case sensitive).
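Because the validation criteria are case sensitive, a single field typed in the wrong case is enough to make peer validation fail. The following check is an added example, not part of the IOLAN documentation or firmware: it compares criteria you intend to configure against the subject line of the peer certificate and reports which fields differ only by case. It assumes the criteria correspond to standard X.509 subject attributes (C, ST, L, O, OU, CN, emailAddress) compared as exact strings; the subject and criteria values are constructed samples.

```python
import re

# Constructed sample: subject as printed by `openssl x509 -noout -subject`.
SAMPLE_SUBJECT = ("subject=C = CA, ST = Ontario, L = Markham, "
                  "O = Example Corp, OU = Ops, CN = plc-gw.example.test")

# Constructed sample: validation criteria as typed into the device config.
SAMPLE_CRITERIA = {"C": "CA", "ST": "ontario", "O": "Example Corp",
                   "CN": "plc-gw.example.test",
                   "emailAddress": "ops@example.test"}

def parse_subject(line):
    """Parse an openssl subject line (comma or slash separated) into a dict."""
    body = re.sub(r"^\s*subject\s*=\s*", "", line, flags=re.I).strip().lstrip("/")
    # Split only where a new "KEY =" attribute starts, so a comma or slash
    # inside a value (for example "Example, Inc.") does not break the field.
    parts = re.split(r"\s*[,/]\s*(?=[A-Za-z][A-Za-z0-9.]*\s*=)", body)
    subject = {}
    for part in parts:
        key, _, value = part.partition("=")
        if key.strip():
            subject[key.strip()] = value.strip()  # repeated attribute: last wins
    return subject

def check_criteria(criteria, subject):
    """Classify every configured field against the certificate subject."""
    report = {}
    for field, expected in criteria.items():
        actual = subject.get(field)
        if actual is None:
            report[field] = "missing"
        elif actual == expected:  # assumption: exact, case-sensitive compare
            report[field] = "match"
        elif actual.casefold() == expected.casefold():
            report[field] = "case_mismatch"
        else:
            report[field] = "value_mismatch"
    return report

def validation_would_pass(report):
    """True only when every configured field matches exactly."""
    return all(status == "match" for status in report.values())

if __name__ == "__main__":
    result = check_criteria(SAMPLE_CRITERIA, parse_subject(SAMPLE_SUBJECT))
    for field, status in result.items():
        print(f"{field:13} {status}")
    print("would pass:", validation_would_pass(result))
```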
AES-CBC
    The IOLAN SSH server’s AES-CBC encryption is enabled/disabled.
    Default: Enabled

AES-CTR
    The IOLAN SSH server’s AES-CTR encryption is enabled/disabled.
    Default: Enabled

AES-GCM
    The IOLAN SSH server’s AES-GCM encryption is enabled/disabled.
    Default: Enabled

ChaCha20-Poly1305
    The IOLAN SSH server’s ChaCha20-Poly1305 encryption is enabled/disabled.
    Default: Enabled

Break String
    The break string used for inband SSH break signal processing. A break signal is generated on a specific serial port only when the server's break option is enabled and the user currently connected using reverse SSH has typed the break string exactly.
    Field Format: maximum 8 characters
    Default: ~break, where ~ is tilde

Enable Verbose Output
    Displays debug messages on the terminal.
    Default: Disabled

Allow Compression
    Requests compression of all data. Compression is desirable on modem lines and other slow connections, but will only degrade data transmission speeds on faster networks.
    Default: Disabled

Login Timeout
    Set the time to wait for the SSH client to complete the login. If the timer expires before the login is completed, the session is terminated.
    Default: 120 seconds
    Values: 1-600 seconds

Note: Some combinations of cipher groups are not available on FIPS firmware versions.