Chapter 46 SSL Inspection
ZyWALL Series CLI Reference Guide
46.2.1 SSL Inspection General Settings
Table 229 SSL Inspection General Settings
COMMAND DESCRIPTION
ssl-inspection server-sign-cert mode {default | rsa-1024 | rsa-2048}
Select how to validate a client accessing an HTTPS website using RSA encryption through the Zyxel Device. The Zyxel Device must check that the client’s certificate and public key are valid and were issued by a Certificate Authority (CA) listed in the Zyxel Device's list of trusted CAs. The default value is 1024.
Note: You should flush the SSL inspection certificate cache after changing the server signing mode.
ssl-inspection server-sign-cert mode {ecdsa-rsa-1024 | ecdsa-rsa-2048}
Select how to validate a client accessing an HTTPS website using ECDSA encryption through the Zyxel Device. ECDSA is required by certain clients such as iOS 13.
• ecdsa-rsa-1024 means the Zyxel Device uses ECDSA-256 if the client supports ECDSA-256, or RSA-1024 if the client does not support ECDSA-256.
• ecdsa-rsa-2048 means the Zyxel Device uses ECDSA-256 if the client supports ECDSA-256, or RSA-2048 if the client does not support ECDSA-256.
ssl-inspection pkt-enc-mss <536..1460>
Sets the maximum TCP packet size that the Zyxel Device will encrypt, in bytes. If a packet’s size is greater than this value, then the Zyxel Device splits the packet into two or more packets. The default value is 1460.
show ssl-inspection status
Displays the current configuration of SSL inspection.
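
A check an administrator can run from a client behind the device to confirm which key type a server-sign-cert mode actually produces, given as an added example that is not from the Zyxel guide. It assumes the key type and size selected by the mode are visible in the certificate the client receives; the function names, the example.com host and the sample certificate text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Zyxel code. Assumption: the key type chosen by
# "server-sign-cert mode" is visible in the certificate the client receives.
# Live use, from a client behind the device (example.com is a placeholder):
#   openssl s_client -connect example.com:443 -servername example.com \
#     </dev/null 2>/dev/null | openssl x509 -noout -text | leaf_key

# Read `openssl x509 -noout -text` output on stdin; print e.g. "rsa-1024".
leaf_key() {
    awk '
        /Public Key Algorithm:/ {
            alg = $NF
            if (alg == "rsaEncryption")  alg = "rsa"
            if (alg == "id-ecPublicKey") alg = "ecdsa"
        }
        /Public-Key: \(/ {
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
        }
        END { if (alg == "" || bits == "") exit 1; print alg "-" bits }
    '
}

# Map an observed key to the Table 229 modes that could have produced it.
audit_key() {
    case "$1" in
        ecdsa-256) echo "ok: ecdsa-rsa-1024 or ecdsa-rsa-2048; retest with an RSA-only client to see the fallback" ;;
        rsa-2048)  echo "ok: rsa-2048, or ecdsa-rsa-2048 falling back for this client" ;;
        rsa-1024)  echo "weak: rsa-1024 (the default), or ecdsa-rsa-1024 falling back for this client" ;;
        *)         echo "unexpected: $1 is not a key type listed in Table 229" ;;
    esac
}

# Constructed excerpts of certificate text, not captured from a device.
sample_rsa() {
    printf '%s\n' '    Signature Algorithm: sha256WithRSAEncryption' \
        '            Public Key Algorithm: rsaEncryption' \
        '                Public-Key: (1024 bit)'
}
sample_ec() {
    printf '%s\n' '            Public Key Algorithm: id-ecPublicKey' \
        '                Public-Key: (256 bit)' \
        '                ASN1 OID: prime256v1'
}

for s in sample_rsa sample_ec; do
    key=$($s | leaf_key) && echo "$s: $key -> $(audit_key "$key")"
done
```

Adding `-tls1_2 -sigalgs RSA+SHA256` to the `s_client` call makes the client offer only RSA signatures, which should expose the RSA fallback size behind an ecdsa-rsa mode.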