Configuring SSL profiles


You configure SSL profiles at the libraries ssl-profiles level.

To create an SSL profile, use the following command:

Admin@nodename# create libraries ssl-profiles <parameter>

Specify the following parameters:

Parameter

Description

name

The name of the SSL profile.

description

Profile description.

min-tls-version

Minimum TLS version that can be used in this profile:

  • tls1.

  • tls1.1.

  • tls1.2.

max-tls-version

Maximum TLS version that can be used in this profile:

  • tls1.

  • tls1.1.

  • tls1.2.

  • tls1.3.

ssl-ciphers

Select the necessary digital signature and encryption algorithms.

ssl-ciphers-suite

Set encryption algorithms for standard protocols. This parameter is used to select the required signature and encryption algorithms for standard TLS protocols. Specify a version:

  • tls1.

  • tls1.1.

  • tls1.2.

  • tls1.3.

To edit profile information, use the following command:

Admin@nodename# set libraries ssl-profiles <profile-name> <parameter>

The parameters available to update are identical to those used to create a profile.

To delete an entire SSL profile or individual digital signature and encryption algorithms from it, use the following commands:

Admin@nodename# delete libraries ssl-profiles <profile-name> Admin@nodename# delete libraries ssl-profiles <profile-name> ssl-ciphers [ cipher ... ]

To display information about SSL profiles, use the following command:

Admin@nodename# show libraries ssl-profiles Admin@nodename# show libraries ssl-profiles <profile-name>