SSL profiles 编辑
An SSL profile is a collection of settings for SSL entities. It offers ease of configuration and flexibility. Instead of configuring the settings on each entity, you can configure them in a profile and bind the profile to all the entities that the settings apply to.
The SSL profile infrastructure has been enhanced to use the latest ciphers and protocols. Differences between the legacy profile (old profile) and the enhanced SSL profile (new profile) are highlighted.
Differences between the old and the new SSL profile infrastructure
Differences | Old Profile | New Profile |
---|---|---|
Ciphers and ECC Curves included in the profile | No | Yes |
Inserting a cipher or cipher group in the middle of an existing list | Unbind all the ciphers and bind again in the order of the required priority. | Add a cipher and assign it a priority. If a priority is not specified, the cipher is assigned the lowest priority in the list. |
Unbinding all the ciphers | unbind ssl vserver \<name\> ciphername –ALL | unbind ssl profile –cipherName FlushAllCiphers (Release 11.0 build 64.x or later includes the FlushAllCiphers parameter for unbinding all the ciphers or cipher groups from a profile, because ALL is treated like a cipher group.) |
State of SSLv3 | n/a | Disabled on the default front-end profile (ns_default_ssl_profile_frontend). Note: Before you enable this profile, SSLv3 is enabled globally. After enabling the profile, SSLv3 is disabled on the front-end default profile. |
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论