profile (Services SSL Proxy)

Syntax

Hierarchy Level

Description

Specify the SSL server profile. An SSL proxy profile defines SSL behavior for the SRX Series Firewall.

The SSL proxy profile will be applied to the security policy as application services.

Options

`profile-name`	Profile identifier.
actions	Logging and traffic related actions.
custom-ciphers	Custom cipher list. Values: `ecdhe-rsa-with-3des-ede-cbc-sha`—ECDHE/RSA, 3DES EDE/CBC, SHA hash `ecdhe-rsa-with-aes-128-cbc-sha`—ECDHE/RSA, 128-bit AES/CBC, SHA hash `ecdhe-rsa-with-aes-128-cbc-sha256`—ECDHE/RSA, 128-bit AES/CBC, SHA256 hash `ecdhe-rsa-with-aes-128-gcm-sha256`—ECDHE/RSA, 128-bit AES/GCM, SHA256 hash `ecdhe-rsa-with-aes-256-cbc-sha`—ECDHE/RSA, 256-bit AES/CBC, SHA hash `ecdhe-rsa-with-aes-256-cbc-sha384`—ECDHE/RSA, 256-bit AES/CBC, SHA384 hash `ecdhe-rsa-with-aes-256-gcm-sha384`—ECDHE/RSA, 256-bit AES/gcm, SHA384 hash `rsa-export-with-des40-cbc-sha`—RSA-export, 40-bit DES/CBC, SHA hash `rsa-export-with-rc4-40-md5`—RSA-export, 40-bit RC4, MD5 hash `rsa-export1024-with-des-cbc-sha`—RSA 1024-bit export, DES/CBC, SHA hash `rsa-export1024-with-rc4-56-md5`—RSA 1024-bit export, 56 bit RC4, MD5 hash `rsa-export1024-with-rc4-56-sha`—RSA 1024-bit export, 56 bit RC4, SHA hash `rsa-with-3des-ede-cbc-sha`—RSA, 3DES EDE/CBC, SHA hash `rsa-with-aes-128-cbc-sha`—RSA, 128-bit AES/CBC, SHA hash `rsa-with-aes-128-cbc-sha256`—RSA, 128-bit AES/CBC, SHA256 hash `rsa-with-aes-128-gcm-sha256`—RSA, 128-bit AES/gcm, SHA256 hash `rsa-with-aes-256-cbc-sha`—RSA, 256-bit AES/CBC, SHA hash `rsa-with-aes-256-cbc-sha256`—RSA, 256-bit AES/CBC, SHA256 hash `rsa-with-aes-256-gcm-sha384`—RSA, 256-bit AES/gcm, SHA384 hash `rsa-with-des-cbc-sha`—RSA, DES CBC, SHA hash `rsa-with-null-md5`—RSA, no symmetric cipher, MD5 hash `rsa-with-null-sha`—RSA, no symmetric cipher, SHA hash `rsa-with-rc4-128-md5`—RSA, 128-bit RC4, MD5 hash `rsa-with-rc4-128-sha`—RSA, 128-bit RC4, SHA hash
disable-deferred-profile-selection	Disable the deferred profile selection mechanism. In the defered profile selection mechanism, the SSL proxy module defers SSL profile selection until the dynamic application is detected in a client hello message based on the Server Name Indication (SNI). After detecting dynamic application, SSL proxy module does a firewall rule lookup based on the identified application and selects an appropriate SSL proxy profile.
enable-flow-tracing	Enable flow tracing for the profile.
preferred-ciphers	Select preferred ciphers. Values: `custom`—Configure custom cipher suite and order of preference. `medium`—Use ciphers with key strength of 128-bits or greater. `strong`—Use ciphers with key strength of 168-bits or greater. `weak`—Use ciphers with key strength of 40-bits or greater.
root-ca	Root certificate for interdicting server certificates in proxy mode.
server-certificate	Local certificate identifier.
trusted-ca	List of trusted certificate authority profiles.
whitelist	Addresses exempted from SSL proxy.
whitelist-url-categories	URL categories exempted from SSL proxy.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X44-D10.

The crl statement is supported from 15.1X49-D30.

The logical system option is introduced in Junos OS Release 19.1R1.

ON THIS PAGE