initiation (Services)
Syntax
initiation{
profile name {
actions {
crl {
disable disable;
if-not-present (allow | drop);
ignore-hold-instruction-code ignore-hold-instruction-code;
}
ignore-server-auth-failure ignore-server-auth-failure;
}
client-certificate client-certificate;
custom-ciphers (ecdhe-rsa-with-3des-ede-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha256 | ecdhe-rsa-with-aes-128-gcm-sha256 | ecdhe-rsa-with-aes-256-cbc-sha | ecdhe-rsa-with-aes-256-cbc-sha384 | ecdhe-rsa-with-aes-256-gcm-sha384 | rsa-export-with-des40-cbc-sha | rsa-export-with-rc4-40-md5 | rsa-export1024-with-des-cbc-sha | rsa-export1024-with-rc4-56-md5 | rsa-export1024-with-rc4-56-sha | rsa-with-3des-ede-cbc-sha | rsa-with-aes-128-cbc-sha | rsa-with-aes-128-cbc-sha256 | rsa-with-aes-128-gcm-sha256 | rsa-with-aes-256-cbc-sha | rsa-with-aes-256-cbc-sha256 | rsa-with-aes-256-gcm-sha384 | rsa-with-des-cbc-sha | rsa-with-null-md5 | rsa-with-null-sha | rsa-with-rc4-128-md5 | rsa-with-rc4-128-sha);
enable-flow-tracing enable-flow-tracing;
enable-session-cache enable-session-cache;
preferred-ciphers (custom | medium | strong | weak);
protocol-version (all | ssl3 | tls1 | tls11 | tls12);
trusted-ca ;
}
}
Hierarchy Level
[edit services ssl]
Description
Specify the configuration for Secure Socket Layer (SSL) initiation support service. The SRX Series Firewall, acting as an SSL proxy client, initiates and maintains SSL sessions between itself and an SSL server. SRX Series Firewall receives un-encrypted data from an HTTP client, and encrypts and transmits the data as ciphertext to the SSL server.
Options
client-certificate—Local certificate.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release
12.1X44-D10. The protocol-version statement is updated
to include tls11 and tls12 from Junos OS Release
15.1X49-D30.