5.5.1. TLS parameter constants

NameValue
TLS_CIPHERS_DEFAULTn/a
TLS_CIPHERS_OLDn/a
TLS_CIPHERS_CUSTOMn/a

Table 5.29.  Constants for cipher selection

NameValue
TLSV1_3_CIPHERS_DEFAULTn/a
TLSV1_3_CIPHERS_CUSTOMn/a

Table 5.30.  Constants for TLSv1.3 cipher selection

NameValue
TLS_SHARED_GROUPS_DEFAULTn/a
TLS_SHARED_GROUPS_CUSTOMn/a

Table 5.31.  Constants for shared group selection

NameValue
TLS_HSO_CLIENT_SERVER Perform the TLS-handshake with the client first.
TLS_HSO_SERVER_CLIENT Perform the TLS-handshake with the server first.

Table 5.32.  Handshake order.

NameValue
TLS_NONE Disable encryption between Vela and the peer.
TLS_FORCE_TLS Require encrypted communication between Vela and the peer.
TLS_ACCEPT_STARTTLS Permit STARTTLS sessions. Currently supported only in the Ftp, Smtp and Pop3 proxies.

Table 5.33.  Client connection security type.

NameValue
TLS_NONE Disable encryption between Vela and the peer.
TLS_FORCE_TLS Require encrypted communication between Vela and the peer.
TLS_FORWARD_STARTTLS Forward STARTTLS requests to the server. Currently supported only in the Ftp, Smtp and Pop3 proxies.

Table 5.34.  Server connection security type.

NameValue
TLS_TRUST_LEVEL_NONEAccept invalid for example, expired certificates.
TLS_TRUST_LEVEL_UNTRUSTEDBoth trusted and untrusted certificates are accepted.
TLS_TRUST_LEVEL_FULLOnly valid certificates signed by a trusted CA are accepted.

Table 5.35.  Constants for trust level selection.

NameValue
TLS_INTERMEDIATE_REVOCATION_NONEIgnore result of CA certificate revocation status check.
TLS_INTERMEDIATE_REVOCATION_SOFT_FAILCheck every CA certificate revocation state in the certificate chain. Uncertainty is tolerated.
TLS_INTERMEDIATE_REVOCATION_HARD_FAILCheck every CA certificate revocation state in the certificate chain. Uncertainty is not tolerated.

Table 5.36.  Constants for intermediate certificates revocation check type.

NameValue
TLS_LEAF_REVOCATION_NONEIgnore result of leaf certificate revocation status check.
TLS_LEAF_REVOCATION_SOFT_FAILCheck the revocation state of the leaf certificate. Uncertainty is tolerated.
TLS_LEAF_REVOCATION_HARD_FAILCheck the revocation state of the leaf certificate. Uncertainty is not tolerated.

Table 5.37.  Constants for leaf certificate revocation check type.

NameValue
TLS_ERRORn/a
TLS_DEBUGn/a

Table 5.38.  Verbosity level of the log messages

NameValue
TLS_HS_ACCEPT0
TLS_HS_REJECT1
TLS_HS_POLICY6
TLS_HS_VERIFIED10

Table 5.39.  Handshake policy decisions

Previous Up Next
 Home