Perle Systems 4030370 Server User Manual


 
124
Serial Port Profiles
SSL/TLS Settings Tab Field Descriptions
You can create an encrypted connection using SSL/TLS for the following profiles: TruePort, TCP
Sockets
, Terminal (the user’s Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem,
and
Modbus. When you enable this feature, it will automatically use the global SSL/TLS settings
(configured on
Security, SSL/TLS), although you can configure unique SSL/TLS settings for the
serial port.
When configuring SSL/TLS, the following configuration options are available:
z You can set up the IOLAN to act as an SSL/TLS client or server.
z There is an extensive selection of SSL/TLS ciphers that you can configure for your SSL/TLS
connection; see
Appendix B, SSL/TLS Ciphers for a list of SSL/TLS ciphers.
z You can enable peer certificate validation, for which you must supply the validation criteria that
was used when creating the peer certificate (this is case sensitive, so keep that in mind when
enabling and configuring this option).
Configure the following parameters:
Note:
Some combinations of cipher groups are not available on FIPS firmware versions.
Note:
See Keys and Certificates for information about SSL/TLS support documents.
Enable SSL/TLS Activates the SSL/TLS settings for the serial port.
Default: Disabled
Use global settings Uses the SSL/TLS settings configured in the Security section for the serial
port.
Default: Enabled
SSL/TLS Version Specify whether you want to use:
z Any—The IOLAN will try a TLSv1 connection first. If that fails, it will
try an SSLv3 connection. If that fails, it will try an SSLv2 connection.
z TLSv1—The connection will use only TLSv1.
z SSLv3—The connection will use only SSLv3.
Default: Any
SSL/TLS Type Specify whether the IOLAN serial port will act as an SSL/TLS client or server.
Default: Client
Cipher Suite Button Click this button to specify SSL/TLS connection ciphers.
See Cipher Suite Field Descriptions for more information.
Validate Peer
Certificate
Enable this option when you want the Validation Criteria to match the Peer
Certificate for authentication to pass. If you enable this option, you need to
download an SSL/TLS certificate authority (CA) list file to the IOLAN.
Default: Disabled