Tuning

Use this panel to specify tuning values for this AT-TLS security level.

Before you begin, decide on the values and settings that you want to specify in the steps below. If you are satisfied with the defaults, you do not need to change anything on this panel.

Result: The fields on this panel are initially filled in with the default values. If you leave the default values in the fields, or enter the default values yourself, Network Configuration Assistant generates configuration for these fields with the default values. If you clear these fields, Network Configuration Assistant does not generate configuration for them, and AT-TLS uses its default values.

Steps

  • Select whether to reset the TLSv1/SSLv3 cipher key; if so, type how often to reset it.
  • Guideline: The remaining parameters on this panel relate to caching of session identifiers or tickets.
    • If the default values for caching of session identifiers or tickets are acceptable, enable Accept all defaults for caching session identifiers or tickets and you are finished with this panel.
    • If you want to manage the values of these remaining parameters, complete the following steps:
      • Select whether to cache TLSv1/SSLv3 session identifiers; if so, type the number of seconds until cached identifiers expire, and type the number of entries to cache.

        Result: If you select Do not cache, the remaining parameters on this panel, which all relate to caching, will be unavailable.

    • If this security level supports TLS V1.3, you can manage the following TLS 1.3 caching parameters:
      • Client caching of session tickets and session resumption attempts. If you enable this function, you can set the maximum size of a cached session ticket. The default value is 8192.
      • Server sending of session tickets and support for session resumption attempts from the client. If you enable this function, you can set the following additional parameters:
        • Encryption/decryption algorithm for session tickets. The default value is AESCBC128.
        • Number of TLS 1.3 session tickets that will be sent by the server to the client after the initial handshake completes. The default value is 2 seconds.
        • Refresh interval of the encryption key used by the server to encrypt session tickets for TLS 1.3 session resumption. The default value is 300 seconds.
        • Maximum time interval from the initial handshake that a server will accept a session resumption request from the client. The default value is 300 seconds.

You have completed this panel when you have specified, in the steps above, the values and settings that you want to differ from the defaults.

You can find more detailed help on the following elements of this window: