AudioCodes Mediant 1000B User Manual page 920

Media gateway & enterprise session border controller (e-sbc)

User's Manual

Parameter:
[ \TLSContexts ]
Description:
For a detailed description of the table, see 'Configuring TLS Certificate Contexts' on page 109.

Parameter:
TLS Client Re-Handshake Interval
tls-re-hndshk-int
[TLSReHandshakeInterval]
Description:
Defines the time interval (in minutes) between TLS Re-Handshakes initiated by the device.
The interval range is 0 to 1,500 minutes. The default is 0 (i.e., no TLS Re-Handshake).

Parameter:
TLS Mutual Authentication
[SIPSRequireClientCertificate]
Description:
Defines the device's mode of operation regarding mutual authentication and certificate verification for TLS connections.
- [0] Disable = (Default)
  - Device acts as a client: Verification of the server's certificate depends on the VerifyServerCertificate parameter.
  - Device acts as a server: The device does not request the client certificate.
- [1] Enable =
  - Device acts as a client: Verification of the server certificate is required to establish the TLS connection.
  - Device acts as a server: The device requires the receipt and verification of the client certificate to establish the TLS connection.
Notes:
- For the parameter to take effect, a device reset is required.
- This feature can be configured per SIP Interface (see 'Configuring SIP Interfaces' on page 329).
- The SIPS certificate files can be changed using the parameters HTTPSCertFileName and HTTPSRootFileName.

Parameter:
Peer Host Name Verification Mode
[PeerHostNameVerificationMode]
Description:
Determines whether the device verifies the Subject Name of a remote certificate when establishing TLS connections.
- [0] Disable (default).
- [1] Server Only = Verify Subject Name only when acting as a client for the TLS connection.
- [2] Server & Client = Verify Subject Name when acting as a server or client for the TLS connection.
When the device receives a remote certificate and the parameter is not disabled, the IP address from which the certificate is received is compared with the addresses defined for the Proxy Sets. If no Proxy Set with the source address is found, the connection is refused. Otherwise, the value of SubjectAltName field in the certificate is compared with the addresses\DNS Names of the classified Proxy Set. If a match is found for any of the configured Proxies, the TLS connection is established.
The comparison is performed if the SubjectAltName is either a DNS name (DNSName) or an IP address. If no match is found and the SubjectAltName is marked as 'critical', the TLS connection is not established. If DNSName is used, the certificate can also use wildcards ('*') to replace parts of the domain name.
If the SubjectAltName is not marked as 'critical' and there is no match, the CN value of the SubjectName field is compared with the parameter TLSRemoteSubjectName. If a match is found, the connection is established; otherwise, the connection is terminated.
Note: If you set the parameter to [2] (Server & Client), for this
Mediant 1000B Gateway and E-SBC
Document #: LTRT-27044
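
The verification flow described for Peer Host Name Verification Mode, modelled as an added example (it is not AudioCodes code and not part of the manual). The function names, the Proxy Set dictionary layout, and the wildcard and CN comparison rules are assumptions made for illustration.

```python
# Added illustration, not AudioCodes code: a model of the decision flow the
# manual describes for PeerHostNameVerificationMode. All names are hypothetical.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class PeerCert:                       # constructed stand-in for a parsed certificate
    san: list = field(default_factory=list)   # DNSName / IP address entries
    san_critical: bool = False
    cn: str = ""

def san_matches(san_entry, address):
    # Assumption: '*' stands in for (part of) a single DNS label; the manual
    # only says wildcards may "replace parts of the domain name".
    pat, addr = san_entry.lower().split("."), address.lower().split(".")
    return len(pat) == len(addr) and all(fnmatchcase(a, p) for p, a in zip(pat, addr))

def subject_name_check(mode, role, source_ip, cert, proxy_sets, remote_subject_name):
    """Return True if this check lets the TLS connection be established."""
    # [0] Disable; [1] Server Only = verify only when the device is the client
    if mode == 0 or (mode == 1 and role != "client"):
        return True
    # 1. The source IP must belong to a Proxy Set, else the connection is refused.
    proxy_set = next((ps for ps in proxy_sets if source_ip in ps["ips"]), None)
    if proxy_set is None:
        return False
    # 2. SubjectAltName is compared with the Proxy Set's addresses / DNS names.
    targets = proxy_set["ips"] | proxy_set["dns_names"]
    if any(san_matches(s, t) for s in cert.san for t in targets):
        return True
    # 3. No match and SubjectAltName marked critical: not established.
    if cert.san_critical:
        return False
    # 4. Otherwise fall back to CN versus TLSRemoteSubjectName.
    #    Assumption: case-insensitive, and an unset value never matches.
    return bool(remote_subject_name) and cert.cn.lower() == remote_subject_name.lower()

# Constructed sample configuration (documentation address ranges).
PROXY_SETS = [{"ips": {"203.0.113.10"}, "dns_names": {"sbc.example.com"}}]
```

In this model, a certificate whose SubjectAltName does not match is still accepted when the extension is not critical and its CN equals TLSRemoteSubjectName, so that parameter deserves the same review as the Proxy Set addresses.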
