delay-errors
This command controls whether the web service proxy delays error messages to avoid a padding oracle.
- Syntax
- delay-errors
on
delay-errors off
- Parameters
-
on- Delay error messages for the defined duration. This setting is the default value.
off- Do not delay error messages.
- Guidelines
- The delay-errors command controls whether to delay error messages to avoid a
padding oracle. The timing difference that the DataPower®
service sends error messages after request decryption action can provide an attacker with enough
information to determine the contents of plaintext data.
Use the delay-errors-duration command to modify the duration to delay error messages after the DataPower service uses the decryption action to decrypt the request.
- Examples
-
- Change the delay of error messages to 5 seconds.
# delay-errors on # delay-errors-duration 5000 - Disable the delay of error messages.
# delay-errors off
- Change the delay of error messages to 5 seconds.