Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Specify the logging and traffic related actions for a SSL proxy profile.

An SSL proxy profile is required to configure SSL proxy on your SRX Series Firewall. As a part of the proxy profile configuration, you can configure– actions related to certification revocations checks, options to specify if a change in SSL parameters requires renegotiation for a session, option to disable session resumption, option to ignore certificate validation, root CA expiration dates, and other such issues based on your requirements.


  • allow-strong-certificate—Enable devices to use the RSA certificates with key size 4,096 bits. By default, this option is disabled. Option is available on SRX300, SRX320, and SRX380 devices in standalone mode.

    Default - Not configured.

  • crl—Specify the certificate revocation actions.

    • disable—Disable CRL verification.

    • if-not-present—Specify actions for sessions.

      • allow—Allow sessions when CRL information is not available.

      • drop—Drop sessions when CRL information is not available.

    • ignore-hold-instruction-code—Ignore the unconfirmed (on hold) revocation status, and accept a certificate.

  • disable-session-resumption—Disable session resumption.

  • ignore-server-auth-failure—Ignore server authentication failure.

  • log—Specify the logging actions.

    • all—Log all events.

    • errors—Log all error events.

    • info—Log all information events.

    • sessions-allowed—Log SSL session allowed events after an error.

    • sessions-dropped—Log only SSL session dropped events.

    • sessions-ignored—Log session ignored events.

    • sessions-whitelisted—Log SSL session allowlisted events.

    • warning—Log all warning events.

  • renegotiation—Specify the renegotiation options.

    • allow—Allow secure and nonsecure renegotiation.

    • allow-secure—Allow secure negotiation only.

    • drop—Drop session on renegotiation request.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X44-D10. The crl statement is supported from Junos OS Release 15.1X49-D30.