termination (Services)
Syntax
termination {
    profile name {
        custom-ciphers;
        enable-flow-tracing enable-flow-tracing;
        enable-session-cache enable-session-cache;
        preferred-ciphers (custom | medium | strong | weak);
        protocol-version (all | ssl3 | tls1 | tls11 | tls12);
        server-certificate server-certificate;
        trusted-ca ;
    }
}
Hierarchy Level
[edit services ssl]
Description
Specify the configuration for the Secure Sockets Layer (SSL) termination support service.
The following types of SSL profiles are supported on SRX Series Firewalls to secure connections, based on the role of the SRX Series Firewall:
SSL initiation: The SRX Series Firewall, acting as an SSL proxy client, initiates and maintains SSL sessions between itself and an SSL server. The SRX Series Firewall receives unencrypted data from an HTTP client, then encrypts the data and transmits it as ciphertext to the SSL server.
SSL termination: The SRX Series Firewall, acting as an SSL proxy server, terminates the SSL session from the client and then establishes a new SSL connection to the server. The SRX Series Firewall decrypts the data and then sends it as an unencrypted request to the other servers (HTTP server).
The SSL proxy profile is applied to the security policy as application services.
Options
The remaining statements are explained separately. See CLI Explorer.
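The following is an added example, not part of the Juniper documentation: a small audit that reads termination profiles in the brace layout shown under Syntax and flags protocol-version and preferred-ciphers values that fall short of a tls12/strong policy. The profile names, certificate name, sample configuration, and the policy itself are assumptions made for illustration.

```python
import re

# Constructed sample in the brace layout of the Syntax section.
# Profile and certificate names are hypothetical.
SAMPLE_CONFIG = """
termination {
    profile legacy-term {
        preferred-ciphers weak;
        protocol-version ssl3;
        server-certificate example-cert;
    }
    profile mixed-term {
        preferred-ciphers medium;
        protocol-version all;
        server-certificate example-cert;
    }
    profile hardened-term {
        preferred-ciphers strong;
        protocol-version tls12;
        server-certificate example-cert;
    }
}
"""

# Policy assumed for this example: only tls12 with strong ciphers passes.
# "all" is flagged because it does not pin the profile to tls12.
FLAGGED = {
    "protocol-version": {"all", "ssl3", "tls1", "tls11"},
    "preferred-ciphers": {"weak", "medium"},
}

PROFILE_RE = re.compile(r"profile\s+(\S+)\s*\{([^{}]*)\}")
STMT_RE = re.compile(r"([\w-]+)(?:\s+([^;]*?))?\s*;")

def parse_profiles(text):
    """Return {profile name: {statement: value}} for each profile block."""
    return {name: dict(STMT_RE.findall(body))
            for name, body in PROFILE_RE.findall(text)}

def audit(text):
    """Return {profile name: [flagged 'statement value' strings]}.
    Statements that are absent are not flagged: the device default
    is not stated on this page."""
    return {name: [f"{key} {stmts[key]}" for key in FLAGGED
                   if stmts.get(key) in FLAGGED[key]]
            for name, stmts in parse_profiles(text).items()}

if __name__ == "__main__":
    for profile, issues in audit(SAMPLE_CONFIG).items():
        print(profile, "->", issues or "ok")
```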
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X44-D10. The protocol-version statement is updated to include tls11 and tls12 from Junos OS Release 15.1X49-D30.