actions
Syntax
actions {
    allow-strong-certificate;
    crl {
        disable;
        if-not-present (allow | drop);
        ignore-hold-instruction-code;
    }
    disable-session-resumption;
    ignore-server-auth-failure;
    log {
        all;
        errors;
        info;
        sessions-allowed;
        sessions-dropped;
        sessions-ignored;
        sessions-whitelisted;
        warning;
    }
    renegotiation {
        (allow | allow-secure | drop);
    }
}
Hierarchy Level
[edit services ssl proxy (Services) profile (Services SSL Proxy)]
Description
Specify the logging and traffic-related actions for an SSL proxy profile.
An SSL proxy profile is required to configure SSL proxy on your SRX Series Firewall. As part of the proxy profile configuration, you can configure actions related to certificate revocation checks, whether a change in SSL parameters requires renegotiation for a session, whether to disable session resumption, whether to ignore certificate validation, root CA expiration dates, and other such issues, based on your requirements.
Options
allow-strong-certificate—Enable devices to use the RSA certificates with key size 4,096 bits. By default, this option is disabled. This option is available on SRX300, SRX320, and SRX380 devices in standalone mode.
  Default: Not configured.
crl—Specify the certificate revocation actions.
  disable—Disable CRL verification.
  if-not-present—Specify actions for sessions.
    allow—Allow sessions when CRL information is not available.
    drop—Drop sessions when CRL information is not available.
  ignore-hold-instruction-code—Ignore the unconfirmed (on hold) revocation status, and accept a certificate.
disable-session-resumption—Disable session resumption.
ignore-server-auth-failure—Ignore server authentication failure.
log—Specify the logging actions.
  all—Log all events.
  errors—Log all error events.
  info—Log all information events.
  sessions-allowed—Log SSL session allowed events after an error.
  sessions-dropped—Log only SSL session dropped events.
  sessions-ignored—Log session ignored events.
  sessions-whitelisted—Log SSL session allowlisted events.
  warning—Log all warning events.
renegotiation—Specify the renegotiation options.
  allow—Allow secure and nonsecure renegotiation.
  allow-secure—Allow secure negotiation only.
  drop—Drop session on renegotiation request.
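
The following audit script is an added example, not part of the Juniper documentation: it reads `display set` output and flags the actions options whose descriptions above relax certificate validation or renegotiation. The profile names, the sample lines, the choice of which options to flag, and the rule that dropped sessions should be logged are assumptions of this example.

```python
import re

# Statements as they appear after "actions" in `display set` output.
# Reasons paraphrase the option descriptions; treating them as risky is this
# example's own assumption, not a Juniper classification.
RISKY = {
    "ignore-server-auth-failure": "server authentication failures are ignored",
    "crl disable": "CRL verification is disabled",
    "crl if-not-present allow": "sessions allowed when CRL information is unavailable",
    "crl ignore-hold-instruction-code": "certificates with on-hold status are accepted",
    "renegotiation allow": "nonsecure renegotiation is allowed",
}

SET_RE = re.compile(r"^set services ssl proxy profile (\S+) actions (.+?)\s*$")

def audit(config_text):
    """Return {profile: [findings]} for each profile that configures actions."""
    findings, logged = {}, {}
    for line in config_text.splitlines():
        m = SET_RE.match(line.strip())
        if not m:
            continue
        profile, action = m.groups()
        findings.setdefault(profile, [])
        logged.setdefault(profile, set())
        if action in RISKY:
            findings[profile].append(f"{action}: {RISKY[action]}")
        elif action.startswith("log "):
            logged[profile].add(action.split()[1])
    for profile, levels in logged.items():
        # Assumed policy: dropped sessions must be logged (all or sessions-dropped).
        if not levels & {"all", "sessions-dropped"}:
            findings[profile].append("log: dropped sessions are not logged")
    return findings

# Constructed sample input (not from a real device).
SAMPLE = """\
set services ssl proxy profile lab-inspect actions ignore-server-auth-failure
set services ssl proxy profile lab-inspect actions crl if-not-present allow
set services ssl proxy profile lab-inspect actions renegotiation allow
set services ssl proxy profile lab-inspect actions log errors
set services ssl proxy profile prod-inspect actions crl if-not-present drop
set services ssl proxy profile prod-inspect actions renegotiation allow-secure
set services ssl proxy profile prod-inspect actions log all
"""

if __name__ == "__main__":
    for profile, issues in audit(SAMPLE).items():
        print(profile, "OK" if not issues else issues)
```
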
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X44-D10. The crl statement is supported from Junos OS Release 15.1X49-D30.