show services ssl initiation profile
Syntax
show services ssl initiation profile [all | brief | detail] pic-info fpc-slot slot number pic-slot slot-number
Description
Display the SSL initiation profiles details.
When the CLI is in logical system context mode and you enter an operational-mode command, the output of the command displays information related to the logical system only.
Options
| pic-info fpc-slot slot number pic-slot slot-number | Display the information for the FPC in the specified slot. |
| all | Display all SSL initiation profiles configured on the device. |
| brief | Display brief information about SSL initiation profiles. |
| detail | Display detail information about SSL initiation profiles. |
Required Privilege Level
view
Output Fields
Table 1 lists
the output fields for the show services ssl initiation profile command. Output fields are listed in the approximate order in which
they appear.
Field Name |
Field Description |
Output Levels |
|---|---|---|
|
SSL initiation profile name |
brief, detail |
|
Allow or not allow (bypass) non-SSL sessions. |
brief, detail |
|
SSL cipher that can be used with acceptable key strength. Possible values are strong, medium, weak, and custom. |
brief, detail |
|
URL categories exempted from SSL proxy. |
brief, detail |
|
SSL protocol version. Possible values are all, TLS version 1.0, TLS version 1.1, and TLS version 1.2. |
detail |
|
Status of client certificate verification process. |
detail |
|
Status of server certificate verification process. |
detail |
|
Crypto mode used. Options are synchronous-hardware or software or asynchronous-hardware. |
detail |
|
SSL session resumption status. |
detail |
|
Status of the CRL checking of certificate validity. |
detail |
|
Digital certificate used. |
detail |
|
Renegotiation option. Possible values are allow, allow secure, and drop. |
detail |
|
Custom ciphers configured. |
detail |
|
Server certificate configured. |
detail |
|
Status of decrypt mirroring functionality. |
detail |
|
Trusted CA configured for a profile |
detail |
|
Number of SSL handshakes started. |
detail |
|
Number of SSL handshakes completed successfully. |
detail |
|
Number of active SSL sessions |
detail |
|
Number of errors occurred during handshake process. |
detail |
|
Cumulative errors in a single counter |
|
|
Number of SSL session resumption count. |
detail |
|
Secure sessions allowed after renegotiation. |
detail |
|
All sessions allowed after renegotiation. |
detail |
|
Sessions with multiple renegotiation. |
detail |
|
Sessions undergoing renegotiation after resumption. |
detail |
|
Number of times no renegotiation alerts received from peer. |
detail |
|
Sessions dropped after renegotiation. |
detail |
Sample Output
command-name
user@host > show services ssl initiation profile all
Lsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] ------
ID Name
65536 SSL_PROFILE_65536_proxy_i
command-name
user@host > show services ssl initiation profile brief profile-name
Lsys Name : root-logical-system
PIC: fpc0 fpc[0] pic[0] ----------
Profile : SSL_PROFILE_65536_proxy_i
allow non-ssl session : true
preferred-ciphers : medium
Num of url categories configured : 0
command-name
user@host > show services ssl initiation profile detail profile-name
Lsys Name : root-logical-system
PIC: fpc0 fpc[0] pic[0] ----------
Profile : SSL_PROFILE_65536_proxy_i
allow non-ssl session : true
preferred-ciphers : medium
Num of url categories configured : 0
Protocol version : all
Client Authentication : notset
Server Authentication : Ignore Failure
Crypto Mode : sw
Session Resumption : Enabled
CRL check : Enabled
Certficate RSA : ssl-inspect-ca
Renegotiation : only secure allowed
Custom ciphers : 0
Server cert : 0
Decrypt Mirror : Disabled
Trusted CA : 0
handshakes started 0
handshakes completed 0
active sessions 0
total handshake errors 0
Data Errors 0
session resumption 0
secure renegotiation 0
insecure renegotiation 0
multiple renegotiation 0
reneg after resumption 0
no_reneg alert by peer 0
drop on reneg 0
Release Information
Command introduced in Junos OS Release 19.3R1.