
xnm-ssl

Syntax

Hierarchy Level

Description

Allow Junos XML protocol TLS requests from remote systems to the local router.

Note:

Junos OS Evolved supports the xnm-ssl statement starting in Junos OS Evolved release 23.4R1. To use this feature on Junos OS Evolved devices you must first configure the following statement:

set interfaces lo0.0 family inet address 127.0.0.1/32

Note:

When FIPS mode is enabled on a device, the xnm-ssl service does not support TLS 1.0. Additionally, on a device running Junos OS release 23.1R1, the xnm-ssl service only supports TLS 1.2 or later.

For a device in FIPS mode:

  • Running Junos OS prior to release 23.1R1, clients can communicate with the xnm-ssl service using TLS 1.0 or later.

  • Running Junos OS release 23.1R1 or later, clients can communicate with the xnm-ssl service using TLS 1.1 or later.

For a device in non-FIPS mode:

  • Running Junos OS prior to release 15.1R8, clients can communicate with the xnm-ssl service using TLS 1.0 or later.

  • Running Junos OS release 15.1R8 or later and prior to release 23.1R1, clients can communicate with the xnm-ssl service using TLS 1.1 or later.

  • Running Junos OS release 23.1R1, clients can communicate with the xnm-ssl service using TLS 1.2 or later.

Options

connection-limit limit

Configure the maximum number of connection sessions for the ftp service per protocol (either IPv6 or IPv4).

Note:

The actual number of maximum connections depends on the availability of system resources, and might be fewer than the configured connection-limit value if the system resources are limited.

  • Range: 1 through 250 connections

  • Default: 75 connections

local-certificate name

Import or reference a TLS certificate by specifying the name of the local certificate to use.

There is no default. The value for local-certificate should be the same as the name provided during the import of the certificate using the CLI configuration statement local at the [edit security certificates] hierarchy level.

rate-limit limit

Configure the maximum number of connection attempts per minute, per protocol (either IPv6 or IPv4), on an access service. For example, a rate limit of 10 allows 10 IPv6 ftp session connection attempts per minute and 10 IPv4 ftp session connection attempts per minute.

  • Range: 1 through 250 connections

  • Default: 150 connections

ssl-renegotiation

Enable TLS re-negotiation for the xnm-ssl service.

  • Default: Disabled
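The following is an added example, not Juniper's own code: a small audit that reads a set-format configuration dump and checks the xnm-ssl options against what this page states (local-certificate has no default and must match a certificate under security certificates local, both limits range from 1 through 250, ssl-renegotiation is disabled by default, and Junos OS Evolved needs the lo0.0 loopback address). It assumes the statement is configured under system services; the function name, sample configuration, certificate name and file path are constructed for illustration.

```python
import re

LIMIT_RANGE = (1, 250)  # range this page gives for connection-limit and rate-limit
LO0_RE = re.compile(r"set interfaces lo0(\.0| unit 0) family inet address 127\.0\.0\.1/32")

def audit_xnm_ssl(config_text, evolved=False):
    """Return a list of findings for xnm-ssl in a set-format configuration dump."""
    lines = [ln.split() for ln in config_text.splitlines() if ln.strip()]
    # Assumption: the statement is configured under "system services".
    prefix = ["set", "system", "services", "xnm-ssl"]
    opts, configured = {}, False
    for tok in lines:
        if tok[:4] == prefix:
            configured = True
            if len(tok) > 4:
                # Valueless options such as ssl-renegotiation are stored as True.
                opts[tok[4]] = tok[5] if len(tok) > 5 else True
    if not configured:
        return []  # service not enabled, nothing to check
    findings = []
    cert = opts.get("local-certificate")
    if not cert or cert is True:
        findings.append("local-certificate missing (there is no default)")
    elif not any(t[:5] == ["set", "security", "certificates", "local", cert] for t in lines):
        findings.append(f"certificate '{cert}' not found under security certificates local")
    lo, hi = LIMIT_RANGE
    for key in ("connection-limit", "rate-limit"):
        val = opts.get(key)
        if val is not None and not (str(val).isdigit() and lo <= int(val) <= hi):
            findings.append(f"{key} {val} outside {lo}-{hi}")
    if opts.get("ssl-renegotiation"):
        findings.append("ssl-renegotiation enabled (default is disabled)")
    if evolved and not any(LO0_RE.fullmatch(" ".join(t)) for t in lines):
        findings.append("Junos OS Evolved: lo0.0 address 127.0.0.1/32 not configured")
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
set system services xnm-ssl local-certificate xnm-cert
set system services xnm-ssl connection-limit 300
set system services xnm-ssl ssl-renegotiation
set security certificates local other-cert load-key-file /var/tmp/other.pem
"""

if __name__ == "__main__":
    for finding in audit_xnm_ssl(SAMPLE, evolved=True):
        print("FINDING:", finding)
```
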

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

ssl-renegotiation introduced in Junos OS Release 13.3.