| Name | Value |
|---|---|
| SSL_CIPHERS_HIGH | n/a |
| SSL_CIPHERS_MEDIUM | n/a |
| SSL_CIPHERS_LOW | n/a |
| SSL_CIPHERS_ALL | n/a |
| SSL_CIPHERS_CUSTOM | n/a |
Table 5.31. Constants for cipher selection
| Name | Value |
|---|---|
| TLSV1_3_CIPHERS_DEFAULT | n/a |
| TLSV1_3_CIPHERS_CUSTOM | n/a |
Table 5.32. Constants for TLSv1.3 cipher selection
| Name | Value |
|---|---|
| TLS_SHARED_GROUPS_DEFAULT | n/a |
| TLS_SHARED_GROUPS_CUSTOM | n/a |
Table 5.33. Constants for shared group selection
| Name | Value |
|---|---|
| SSL_HSO_CLIENT_SERVER | Perform the SSL-handshake with the client first. |
| SSL_HSO_SERVER_CLIENT | Perform the SSL-handshake with the server first. |
Table 5.34. Handshake order.
| Name | Value |
|---|---|
| SSL_NONE | Disable encryption between Zorp and the peer. |
| SSL_FORCE_SSL | Require encrypted communication between Zorp and the peer. |
| SSL_ACCEPT_STARTTLS | Permit STARTTLS sessions. Currently supported only in the Ftp, Smtp and Pop3 proxies. |
Table 5.35. Client connection security type.
| Name | Value |
|---|---|
| SSL_NONE | Disable encryption between Zorp and the peer. |
| SSL_FORCE_SSL | Require encrypted communication between Zorp and the peer. |
| SSL_FORWARD_STARTTLS | Forward STARTTLS requests to the server. Currently supported only in the Ftp, Smtp and Pop3 proxies. |
Table 5.36. Server connection security type.
| Name | Value |
|---|---|
| TLS_TRUST_LEVEL_NONE | Accept invalid for example, expired certificates. |
| TLS_TRUST_LEVEL_UNTRUSTED | Both trusted and untrusted certificates are accepted. |
| TLS_TRUST_LEVEL_FULL | Only valid certificates signed by a trusted CA are accepted. |
Table 5.37. Constants for trust level selection.
| Name | Value |
|---|---|
| TLS_INTERMEDIATE_REVOCATION_NONE | Ignore result of CA certificate revocation status check. |
| TLS_INTERMEDIATE_REVOCATION_SOFT_FAIL | Check every CA certificate revocation state in the certificate chain. Uncertainty is tolerated. |
| TLS_INTERMEDIATE_REVOCATION_HARD_FAIL | Check every CA certificate revocation state in the certificate chain. Uncertainty is not tolerated. |
Table 5.38. Constants for intermediate certificates revocation check type.
| Name | Value |
|---|---|
| TLS_LEAF_REVOCATION_NONE | Ignore result of leaf certificate revocation status check. |
| TLS_LEAF_REVOCATION_SOFT_FAIL | Check the revocation state of the leaf certificate. Uncertainty is tolerated. |
| TLS_LEAF_REVOCATION_HARD_FAIL | Check the revocation state of the leaf certificate. Uncertainty is not tolerated. |
Table 5.39. Constants for leaf certificate revocation check type.
Published on March 04, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu
