tls
This command configures the TLS Contexts table, which lets you define TLS certificates, referred to as TLS Contexts.
Syntax
(config-network)# tls <Index>
(tls-<Index>)#
Command | Description
---|---
Index | Defines the table row index.
certificate | Certificate actions - see certificate.
ciphers | Displays ciphers.
ciphers-client | Defines the supported cipher suite for TLS clients.
ciphers-client-tls13 | Defines the supported cipher suite for TLS 1.3 clients.
ciphers-server | Defines the supported cipher suite for the TLS server (in OpenSSL cipher list format).
ciphers-server-tls13 | Defines the supported cipher suite for the TLS 1.3 server (in OpenSSL cipher list format).
dh-key-size {1024\|2048\|3072} | Defines the Diffie-Hellman (DH) key size (in bits). Note:
dtls-version {dtls-v1.0\|dtls-v1.2\|unlimited} | Defines the Datagram Transport Layer Security (DTLS) version, which is used to negotiate keys for WebRTC calls.
key-exchange-groups | Defines the groups that are supported for key exchange, ordered from most preferred to least preferred.
name | Defines a descriptive name, which is used when associating the row in other tables.
ocsp-default-response {allow\|reject} | Determines whether the device allows or rejects peer certificates if it cannot connect to the OCSP server.
ocsp-port | Defines the OCSP server's TCP port number.
ocsp-server {disable\|enable} | Enables or disables certificate checking using OCSP.
ocsp-server-primary | Defines the IP address (in dotted-decimal notation) of the primary OCSP server.
ocsp-server-secondary | Defines the IP address (in dotted-decimal notation) of the secondary OCSP server (optional).
private-key {delete\|generate\|import} | Private key actions - see private-key.
public-key display | Displays the public key of the certificate.
require-strict-cert {off\|on} | Enables the validation of the extensions (keyUsage and extendedKeyUsage) of peer certificates.
tls-renegotiation {disable\|enable} | Enables multiple TLS renegotiations (handshakes) initiated by the client (peer) with the device.
tls-version {tls-v1.0\|tls-v1.0_1.1\|tls-v1.0_1.1_1.2\|tls-v1.0_1.1_1.2_1.3\|tls-v1.0_1.2\|tls-v1.1\|tls-v1.1_1.2\|tls-v1.1_1.2_1.3\|tls-v1.2\|tls-v1.2_1.3\|tls-v1.3\|unlimited} | Defines the supported SSL/TLS protocol version. Clients attempting to communicate with the device using a different TLS version are rejected.
trusted-root {clear-and-import\|delete\|detail\|export\|import\|summary} | Trusted root certificate actions - see trusted-root.
Command Mode
Privileged User
Example
This example configures a TLS Context with TLS Ver. 1.2:
(config-network)# tls 1
(tls-1)# name ITSP
(tls-1)# tls-version tls-v1.2
(tls-1)# activate
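Several of the settings above decide how much a peer can downgrade or bypass the device's TLS protection: `tls-version` tokens such as `tls-v1.0_1.1_1.2` still admit TLS 1.0/1.1, `dh-key-size 1024` is below the usual 2048-bit floor, `ciphers-server` accepts any OpenSSL cipher list including legacy suites, `require-strict-cert off` skips keyUsage/extendedKeyUsage checks, `tls-renegotiation enable` lets the peer drive repeated handshakes, and `ocsp-default-response allow` accepts certificates whenever the OCSP responder is unreachable. The following Python script is an added example, not code from this reference page or from the device's software: it parses a constructed CLI transcript written in the same `(tls-<Index>)# command value` form as the example above, expands each `tls-version` token into the protocol versions it permits, and reports which TLS Contexts still carry weak settings. The device's defaults are not stated on the page, so the audit judges only values that are set explicitly; the cipher strings and context values in the transcript are constructed for illustration.

```python
"""Audit TLS Context settings captured from a CLI transcript (constructed example)."""
import re

# Constructed transcript in the syntax of the page's own example. Only the
# command names are taken from the reference table; the values are illustrative.
SAMPLE_SESSION = """\
(config-network)# tls 1
(tls-1)# name ITSP
(tls-1)# tls-version tls-v1.0_1.1_1.2
(tls-1)# dh-key-size 1024
(tls-1)# ciphers-server RC4-SHA:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384
(tls-1)# require-strict-cert off
(tls-1)# tls-renegotiation enable
(tls-1)# ocsp-server enable
(tls-1)# ocsp-default-response allow
(tls-1)# activate
(config-network)# tls 2
(tls-2)# name SIP-TRUNK
(tls-2)# tls-version tls-v1.2_1.3
(tls-2)# dh-key-size 2048
(tls-2)# ciphers-server ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
(tls-2)# require-strict-cert on
(tls-2)# tls-renegotiation disable
(tls-2)# ocsp-server enable
(tls-2)# ocsp-default-response reject
(tls-2)# activate
"""

# Matches "(tls-<Index>)# <command> [<value>]"; "(config-network)#" prompts carry no setting.
CONTEXT_LINE = re.compile(r"^\(tls-(\d+)\)#\s+(\S+)(?:\s+(.*))?$")

# Substrings of OpenSSL cipher names that identify legacy or unauthenticated suites.
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def parse_session(text):
    """Return {index: {command: value}} for every TLS Context seen in the transcript."""
    contexts = {}
    for line in text.splitlines():
        m = CONTEXT_LINE.match(line.strip())
        if not m:
            continue
        idx, cmd, val = int(m.group(1)), m.group(2), (m.group(3) or "").strip()
        contexts.setdefault(idx, {})[cmd] = val
    return contexts


def allowed_versions(token):
    """Expand a tls-version token (e.g. tls-v1.0_1.1_1.2) into the protocol versions it permits."""
    if token == "unlimited":
        return {"1.0", "1.1", "1.2", "1.3"}
    m = re.fullmatch(r"tls-v((?:\d\.\d)(?:_\d\.\d)*)", token)
    if not m:
        raise ValueError(f"unrecognised tls-version token: {token!r}")
    return set(m.group(1).split("_"))


def weak_ciphers(cipher_list):
    """Return the entries of an OpenSSL-format cipher list that name a weak algorithm."""
    return [c for c in cipher_list.split(":") if c and any(mark in c.upper() for mark in WEAK_CIPHER_MARKERS)]


def audit_context(settings):
    """Return the list of findings for one TLS Context; only explicit values are judged."""
    findings = []
    if "tls-version" in settings:
        legacy = sorted(allowed_versions(settings["tls-version"]) & {"1.0", "1.1"})
        if legacy:
            findings.append(f"tls-version permits legacy TLS {', '.join(legacy)}")
    if settings.get("dh-key-size") == "1024":
        findings.append("dh-key-size 1024 is below the 2048-bit minimum")
    for c in weak_ciphers(settings.get("ciphers-server", "")):
        findings.append(f"ciphers-server includes weak suite {c}")
    if settings.get("require-strict-cert") == "off":
        findings.append("require-strict-cert off: peer keyUsage/extendedKeyUsage not validated")
    if settings.get("tls-renegotiation") == "enable":
        findings.append("tls-renegotiation enable: client-initiated renegotiation allowed")
    if settings.get("ocsp-server") == "enable" and settings.get("ocsp-default-response") == "allow":
        findings.append("ocsp-default-response allow: certificates accepted when OCSP is unreachable")
    return findings


def audit_session(text):
    """Audit every TLS Context in a transcript; returns {index: [findings]}."""
    return {idx: audit_context(s) for idx, s in parse_session(text).items()}


if __name__ == "__main__":
    for idx, findings in audit_session(SAMPLE_SESSION).items():
        print(f"TLS Context {idx}: {'OK' if not findings else ''}")
        for f in findings:
            print(f"  - {f}")
```

Run against the constructed transcript, context 1 produces six findings and context 2 none; pointing `parse_session` at a real transcript only requires that the lines keep the `(tls-<Index>)# command value` shape shown in the example above.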