protocol-version
Syntax
protocol-version (all | tls1 | tls11 | tls12 | tls12-and-lower | tls13);
Hierarchy Level
[edit services ssl termination profile profile-name] [edit services ssl initiation profile profile-name]
Description
Specify the accepted SSL protocol version.
You can specify the SSL/TLS protocol version the SRX Series Firewall uses to negotiate in SSL connections.
Options
-
all—Accept all versions of TLS. This is enabled by default. -
TLS version 1.0—Accept TLS version 1.0. It provides secure communication over networks by providing privacy and data integrity between communicating applications -
TLS version 1.1—Accept TLS version 1.1. This enhanced version of TLS provides protection against cipher-block chaining (CBC) attacks. -
TLS version 1.2—Accept TLS version 1.2. This enhanced version of TLS provides improved flexibility for negotiation of cryptographic algorithms. -
TLS version 1.2 and lower—Accept TLS version 1.2 and lower. -
TLS version 1.3—Accept TLS version 1.3. This enhanced version of TLS provides improved security and better performance.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X44-D10. The tls11 and
tls12 options are introduced in 15.1X49-D30. Starting in Junos
OS Release 21.2R1, on SRX Series Firewalls, SSL proxy supports TLS version 1.3.