Pour vous éviter une perte de temps sur internet à rechercher des informations sur les examens, concours, les bourses d'études à l'étranger et les opportunités en cours.
Nous avons mis à votre disposition:
- EPREUVES et CORRIGEES DES EXAMENS ET CONCOURS - Grandprof
- LES ASTUCES ET TUTORIELS PREMUIM (VPN, BIN, INTERNET) - Bfast
- COURS ET EXCERCICES PRATIQUES 6eme en Terminale - Edu
- LES EPREUVES ZERO ET SUJETS DES EXAMENS BLANCS - EpreuveZ
- RESULTATS DES EXAMENS ET CONCOURS 2023 - Espacetutos
- LE PLUS D'INFORMATIONS POUR VOUS - Infos
- LES RESULTATS DES EXAMENS DE LA SESSION EN COURS - Resultats
- LES OFFRES D'EMPLOI ET OPPORTUNITES - Emploi
Par ailleurs, nous avons pris le soin de vous informer en temps réel sur les opportunités comme :
- LES BOURSES D'ETUDES POUR AFRICAINS ET ETRANGERS - Bourses
- LES INFORMATIONS SUR LES UNIVERSITES EN AFRIQUE - Campus
- LES INFORMATIONS EN CONTINU - ASTUCES & TECH - fr.espacetutos
How to create the SSL SNI server profile that secures connections between clients and the DataPower® Gateway.
About this task
An SSL SNI server profile defines a virtual SSL server that routes the incoming traffic to the SSL server profiles that have the actual key material and SSL protocol parameters. Each SSL SNI server profile requires an SNI map that provides mapping of host names to SSL server profiles.
You can define a default server profile.
- When defined, the following rules apply.
- When the client does not send a
ClientHelloSNI extension, the default server profile processes the request. - When the client sends a
ClientHelloSNI extension but it does not match a configured host name mapping, the request is rejected.
- When the client does not send a
- When not defined and the client does not send a
ClientHelloSNI extension, the request is rejected.
You can use the var://service/tls-info variable to get the TLS connection information between clients and the DataPower Gateway, including the SNI extension header from the client, if any, the TLS version of the connection, the cipher, and the peer certificate, if any. With this variable, you can add extra checking. For example, to ensure that the host name in the SNI extension from the client matches the host name in the Host header.
For the following settings, if they are defined in both the SSL SNI server profile and the referenced SSL server profile in the SNI map, the settings in the SSL SNI server profile overwrite the settings in the referenced SSL server profile.
- Protocols
- Advanced settings
- Maximum SSL session duration
- Maximum number of client initiated renegotiations to allow
Procedure
- In the search field, enter SSL.
- From the search results, select SSL SNI Server Profile.
- Click Add or New.
- Define the basic properties: Name, administrative state, and descriptive summary.
- Define general settings.
- From the Protocols list, select the SSL and TLS protocol versions to support.
- From the Host name to profile mapping list, select the name of the SNI map.
- Optional: From the Default server profile list, select the SSL server profile to process the request when the
ClientHelloSNI extension is not provided.
- Optional: On the Advanced tab, define advanced settings.
- From the Advanced SSL options list, select the options to apply to SSL connections.
- When you select the Set maximum SSL session duration option: In the Maximum SSL session duration field, enter the maximum time to maintain an SSL session.
- When you select the Set maximum number of client initiated renegotiations to allow option: In the Maximum client initiated renegotiations field, enter the maximum number of renegotiation attempts that a client can initiate per session.
