Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

ssl-inspection

Syntax

Hierarchy Level

Description

Inspect HTTP traffic encrypted in SSL protocol. SSL inspection is disabled by default. It is enabled if you configure SSL inspection.

With the Intrusion Detection and Prevention (IDP) Secure Sockets Layer (SSL) decryption feature, SRX Series devices load configured RSA private keys to memory and use them to establish SSL session keys to decrypt data. IDP is required to decrypt the RSA keys and to check the integrity before performing normal encryption or decryption operations using the keys.

Options

The remaining statements are explained separately. See CLI Explorer.

cache-prune-chunk-size

Number of cache entries to delete when pruning SSL session ID cache.

  • Syntax: cache-prune-chunk-size—Number of cache entries to delete when pruning SSL session ID cache.

  • Range: 1 through 100,000

  • Default: 10,000

key-protection

Enabling key protection provides improved security. When key protection is enabled, persistent keys are encrypted when not in use.

Enabling or disabling of this option requires rebooting the device.

Enable secure key handling. This option is off by default.

maximum-cache-size

Maximum SSL session ID cache size.

  • Syntax: maximum-cache-size—Maximum number of SSL session ID cache size.

  • Range: 1 through 5,000,000 sessions

  • Default: 5,000,000

session-id-cache-timeout

Sets the timeout value for an IDP session ID cache (range: 1 through 7200 seconds).

  • Syntax: maximum-cache-size—Maximum number of SSL session ID cache size.

sessions

Maximum number of SSL sessions for inspection. This limit is per Services Processing Unit (SPU).

  • Syntax: number—Number of SSL session to inspect.

  • Range: 1 through 100,000

  • Default: 10,000

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statements introduced in Junos OS Release 9.3.

Options cache-prune-chunk-size and maximum-cache-size introduced in Junos OS Release 10.2.