(or functions in both directions). In two-way mode, SSL is used over both
the appliance-to-server connection and over the appliance-to-client
connection. Two-way mode requires both a client and server cryptographic
profile.
server-profile
When the operational mode is either
client
or
two-way
, identifies the
Crypto Profile that is used by the SSL client to authenticate itself to the SSL
server.
client-profile
When the operational mode is
server
or
two-way
, identifies the Crypto
Profile that is used by the SSL server to authenticate itself to SSL clients.
sess-timeout
timer-value
Sets the session timeout value for the server-side session cache. Use an
integer in the range of 1 through 86400 to define the time, in seconds, that
session-specific state data is maintained in the cache.
By default, an SSL server caches SSL session-specific state data for 5
minutes (300 seconds). A value of 0 disables server-side caching.
cache-size
entries
Optionally sets the maximum size of the session cache. Use an integer in
the range of 1 through 500 to define the cache size in kilo entries (1024
entries). For example, a value of 10 defines a maximum cache size of
10,240 entries. By default, the maximum cache size is 20 (20,480 entries).
client-cache
{
on
|
off
}
Optionally disables client-side caching of session state data.
on
(Default) Enables client-side caching.
off
Disables client-side caching.
client-auth-optional
{
on
|
off
}
When acting as an SSL server, controls when SSL client authentication is
optional.
on
Requests but does not require client authentication. When there is
no client certificate, the request does not fail.
off
(Default) Requires client authentication only when the server
cryptographic profile has an assigned Validation Credentials.
client-auth-always-request
{
on
|
off
}
When acting as an SSL server, controls when to request SSL client
authentication.
on
Always requests client authentication.
off
(Default) Requests client authentication only when the server
cryptographic profile has an assigned Validation Credentials.
Guidelines
The
sslproxy
command creates an SSL Proxy Profile that defines an SSL service
type (client, server, two-way). Before creating an SSL Proxy Profile, one or more
Crypto Profile objects must exist. Without the referenced cryptographic profiles, the
SSL proxy profile is created but in the
down
operational state.
Use the
profile
command in Crypto mode to create a cryptographic profile.
106
Command Reference
Summary of Contents for WebSphere XS40
Page 1: ...WebSphere DataPower XML Security Gateway XS40 Command Reference Version 3 7 2 ...
Page 2: ......
Page 3: ...WebSphere DataPower XML Security Gateway XS40 Command Reference Version 3 7 2 ...
Page 44: ...18 Command Reference ...
Page 194: ...168 Command Reference ...
Page 198: ...172 Command Reference ...
Page 206: ...180 Command Reference ...
Page 210: ...184 Command Reference ...
Page 222: ...196 Command Reference ...
Page 232: ...206 Command Reference ...
Page 238: ...212 Command Reference ...
Page 268: ...242 Command Reference ...
Page 272: ...246 Command Reference ...
Page 276: ...250 Command Reference ...
Page 288: ...262 Command Reference ...
Page 292: ...266 Command Reference ...
Page 298: ...272 Command Reference ...
Page 320: ...294 Command Reference ...
Page 322: ...296 Command Reference ...
Page 340: ...314 Command Reference ...
Page 344: ...318 Command Reference ...
Page 352: ...326 Command Reference ...
Page 360: ...334 Command Reference ...
Page 368: ...342 Command Reference ...
Page 376: ...350 Command Reference ...
Page 386: ...360 Command Reference ...
Page 392: ...366 Command Reference ...
Page 396: ...370 Command Reference ...
Page 402: ...376 Command Reference ...
Page 404: ...378 Command Reference ...
Page 408: ...382 Command Reference ...
Page 446: ...420 Command Reference ...
Page 450: ...424 Command Reference ...
Page 456: ...430 Command Reference ...
Page 520: ...494 Command Reference ...
Page 536: ...510 Command Reference ...
Page 550: ...524 Command Reference ...
Page 584: ...558 Command Reference ...
Page 600: ...574 Command Reference ...
Page 605: ... timeout 500 Chapter 63 RADIUS configuration mode 579 ...
Page 606: ...580 Command Reference ...
Page 650: ...624 Command Reference ...
Page 668: ...642 Command Reference ...
Page 704: ...678 Command Reference ...
Page 714: ...688 Command Reference ...
Page 726: ...700 Command Reference ...
Page 734: ...708 Command Reference ...
Page 752: ...726 Command Reference ...
Page 756: ...730 Command Reference ...
Page 804: ...778 Command Reference ...
Page 880: ...854 Command Reference ...
Page 892: ...866 Command Reference ...
Page 912: ...886 Command Reference ...
Page 918: ...892 Command Reference ...
Page 940: ...914 Command Reference ...
Page 946: ...920 Command Reference ...
Page 974: ...948 Command Reference ...
Page 1004: ...978 Command Reference ...
Page 1030: ...1004 Command Reference ...
Page 1032: ...1006 Command Reference ...
Page 1065: ......
Page 1066: ... Printed in USA ...