Perle Systems 4030370 Server User Manual


 
237
SSL/TLS
SSL/TLS
Overview
When SSL/TLS is configured, data is encrypted between the IOLAN and the host/device (which must
also support SSL/TLS). When you configure the
SSL/TLS settings in the System section, you are
configuring the default global SSL/TLS settings; you are not configuring an SSL/TLS server.
Functionality
You can create an encrypted connection using SSL/TLS for the following profiles: TruePort, TCP
Sockets
, Terminal (the user’s Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem,
and
Modbus.
When configuring SSL/TLS, the following configuration options are available:
z You can set up the IOLAN to act as an SSL/TLS client or server.
z There is an extensive selection of SSL/TLS ciphers that you can configure for your SSL/TLS
connection;
Appendix B, SSL/TLS Ciphers for a list of SSL/TLS ciphers.
z You can enable peer certificate validation, for which you must supply the validation criteria that
was used when creating the peer certificate (this is case sensitive).
AES The IOLAN SSH server’s AES encryption is enabled/disabled.
Default: Enabled
Break String The break string used for inband SSH break signal processing. A break signal
is generated on a specific serial port only when the server's break option is
enabled and the user currently connected using reverse SSH has typed the
break string exactly.
Field Format: maximum 8 characters
Default: ~break, where ~ is tilde
Enable Verbose
Output
Displays debug messages on the terminal.
Default: Disabled
Allow Compression Requests compression of all data. Compression is desirable on modem lines
and other slow connections, but will only degrade data trransmission speeds on
faster networks.
Default: Disabled
Login Timeout Set the time to wait for the SSH client to complete the login. If the timer
expires before the login is completed, the session is terminated.
Default: 120 seconds
Values: 1-600 seconds
Note:
Some combinations of cipher groups are not available on FIPS firmware versions.
Note:
See Keys and Certificates for information about SSL/TLS support documents.