ssl (Services)
Syntax
ssl {
initiation {
profile profile-name {
actions {
crl {
disable;
if-not-present (allow | drop);
ignore-hold-instruction-code;
}
ignore-server-auth-failure;
}
client-certificate;
custom-ciphers [cipher];
enable-flow-tracing;
enable-session-cache;
preferred-ciphers (custom | medium | strong | weak);
protocol-version (all | tls1 | tls11 | tls12);
trusted-ca (all | [ca-profile] );
}
}
proxy {
global-config {
session-cache-timeout seconds;
}
profile profile-name {
actions {
crl {
disable;
if-not-present (allow | drop);
ignore-hold-instruction-code;
}
disable-session-resumption;
ignore-server-auth-failure;
log {
all;
errors;
info;
sessions-allowed;
sessions-dropped;
sessions-ignored;
sessions-whitelisted;
warning;
}
renegotiation {
(allow | allow-secure | drop);
}
}
custom-ciphers [cipher];
enable-flow-tracing;
preferred-ciphers (custom | medium | strong | weak);
root-ca root-certificate;
trusted-ca (all | [ca-profile] );
whitelist [global-address-book-addresses];
}
}
termination {
profile profile-name {
custom-ciphers [cipher];
enable-flow-tracing;
enable-session-cache;
preferred-ciphers (custom | medium | strong | weak);
protocol-version (all | tls1 | tls11 | tls12);
server-certificate certificate-identifier;
}
}
traceoptions {
file {
filename;
files number;
match regular-expression;
(no-world-readable | world-readable);
size maximum-file-size;
}
flag flag;
level [brief | detail | extensive | verbose];
no-remote-trace;
}
}
Hierarchy Level
[edit services]
Description
Specify the configuration for Secure Socket Layer (SSL) support service. This statement is supported on the SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release
12.1X44-D10. The crl statement is supported from 15.1X49-D30.
The protocol-version statement is updated to include tls11 and tls12 from Junos OS Release 15.1X49-D30.