TTLSConnectionAction statement

Use the TTLSConnectionAction statement to specify attributes for a subset of connections that need attributes different from those specified on the TTLSEnvironmentAction or TTLSGroupAction statement that is referenced by the same TTLSRule statement.

Syntax

>>-TTLSConnectionAction--name--| Put Braces and Parameters on Separate Lines |-><

Put Braces and Parameters on Separate Lines

|--+-{-----------------------------------+----------------------|
   +-| TTLSConnectionAction Parameters |-+   
   '-}-----------------------------------'   

TTLSConnectionAction Parameters

|--+-----------------------------------------+------------------>
   '-HandshakeRole--+-Client---------------+-'   
                    +-Server---------------+     
                    '-ServerWithClientAuth-'     

>--+--------------------------+--------------------------------->
   +-TTLSCipherParms----------+   
   '-TTLSCipherParmsRef  name-'   

>--+-----------------------------+------------------------------>
   +-TTLSSignatureParms----------+   
   '-TTLSSignatureParmsRef  name-'   

>--+--------------------------+--+---------+-------------------->
   '-CtraceClearText--+-Off-+-'  '-Trace n-'   
                      '-On--'                  

>--+-------------------------------------+---------------------->
   +-TTLSConnectionAdvancedParms---------+   
   '-TTLSConnectionAdvancedParmsRef name-'   

>--+--------------------------+---------------------------------|
   '-ConnectionUserInstance n-'   

Parameters

name
A string 1 - 32 characters in length specifying the name of this TTLSConnectionAction statement.
HandshakeRole
Specifies the SSL handshake role to be taken. For System SSL, the GSK_SESSION_TYPE value is set to the same value as the HandshakeRole. If this value is specified on the TTLSConnectionAction statement, it is used instead of the value from the TTLSEnvironmentAction statement referenced by the same TTLSRule statement. Valid values are:
Client
Perform the SSL handshake as a client.
Server
Perform the SSL handshake as a server.
ServerWithClientAuth
Perform the SSL handshake as a server requiring client authentication.
TTLSCipherParms
An inline specification of a TTLSCipherParms statement. If this value is specified on the TTLSConnectionAction statement, it is used instead of the value from the TTLSEnvironmentAction statement referenced by the same TTLSRule statement.
TTLSCipherParmsRef
The name of a globally defined TTLSCipherParms statement. If this value is specified on the TTLSConnectionAction statement, it is used instead of the value from the TTLSEnvironmentAction statement referenced by the same TTLSRule statement.
TTLSSignatureParms
An inline specification of a TTLSSignatureParms statement. If this value is specified on the TTLSConnectionAction statement, it is used instead of the value from the TTLSEnvironmentAction statement that is referenced by the same TTLSRule statement.
TTLSSignatureParmsRef
The name of a globally defined TTLSSignatureParms statement. If this value is specified on the TTLSConnectionAction statement, it is used instead of the value from the TTLSEnvironmentAction statement that is referenced by the same TTLSRule statement.
CtraceClearText
Specifies whether application data traced using Ctrace or data trace is shown as unencrypted (clear text) data. This parameter is applied only to connections that have active AT-TLS security on the connection. If this value is specified on the TTLSConnectionAction statement, it is used instead of the value from the TTLSEnvironmentAction or TTLSGroupAction statement referenced by the same TTLSRule statement. Valid values are:
Off
Application data is not traced as clear text.
On
Application data is traced as clear text.
Trace
Specifies the level of Application Transparent Transport Layer Security (AT-TLS) tracing. The valid values for n are in the range 0 - 255. The sum of the numbers associated with each level of tracing selected is the value that should be specified as n. If n is an odd number, errors are written to joblog, and all other configured traces are sent to syslogd. If this value is specified on the TTLSConnectionAction statement, it is used instead of the value from the TTLSEnvironmentAction or TTLSGroupAction statement referenced by the same TTLSRule statement.
0
No tracing is enabled.
1 (Error)
Errors are traced to the TCP/IP joblog.
2 (Error)
Errors are traced to syslogd. The messages are issued with syslogd priority code err.
4 (Info)
Tracing of when a connection is mapped to an AT-TLS rule and when a secure connection is successfully initiated is enabled. The messages are issued with syslogd priority code info.
8 (Event)
Tracing of major events is enabled. The messages are issued with syslogd priority code debug.
16 (Flow)
Tracing of system SSL calls is enabled. The messages are issued with syslogd priority code debug.
32 (Data)
Tracing of encrypted negotiation and headers is enabled. This traces the negotiation of secure sessions. The messages are issued with syslogd priority code debug.
64
Reserved.
128
Reserved.
255
All tracing is enabled.
TTLSConnectionAdvancedParms
An inline specification of a TTLSConnectionAdvancedParms statement.
TTLSConnectionAdvancedParmsRef
The name of a globally defined TTLSConnectionAdvancedParms statement.
ConnectionUserInstance
Defines a configurable instance identifier for this TTLSConnectionAction statement. The n value can be in the range 0 - 65535. This parameter can be used to signal a change to the Policy Agent without modifying any of the other AT-TLS configuration statements. This parameter can also be used as a field to be updated when a change is made to this TTLSConnectionAction statement. This enables the user to differentiate TTLSConnectionAction statements, based on the instance identifier.
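The following is an added Python example; it is not part of this IBM documentation or of the z/OS product code. It encodes the Trace bit values, the HandshakeRole and CtraceClearText value sets, and the name, Trace and ConnectionUserInstance ranges given above, and emits a TTLSConnectionAction stanza in the braces-and-parameters-on-separate-lines layout the syntax diagram requires. The statement and reference names it uses (connAct1, cipherParms1) are constructed sample values, and the helper function names are the example's own.

```python
# Added example (not from the IBM documentation): helpers for working with the
# TTLSConnectionAction Trace bit mask and for emitting a stanza in the
# "braces and parameters on separate lines" layout the page describes.
# All statement names and reference names used here (connAct1, cipherParms1)
# are constructed sample values.

# Trace levels exactly as the Trace parameter description lists them.
TRACE_LEVELS = {
    1: "Error (TCP/IP joblog)",
    2: "Error (syslogd, priority err)",
    4: "Info (syslogd, priority info)",
    8: "Event (syslogd, priority debug)",
    16: "Flow (syslogd, priority debug)",
    32: "Data (syslogd, priority debug)",
    64: "Reserved",
    128: "Reserved",
}
RESERVED_BITS = {64, 128}
HANDSHAKE_ROLES = ("Client", "Server", "ServerWithClientAuth")


def trace_value(*levels):
    """Return the Trace n to configure for the given individual levels.

    Each argument must be one of the documented level numbers; the reserved
    levels 64 and 128 are rejected rather than silently summed.
    """
    if any(level not in TRACE_LEVELS or level in RESERVED_BITS for level in levels):
        raise ValueError(f"invalid or reserved trace level in {levels}")
    return sum(set(levels))


def decode_trace(n):
    """Expand a configured Trace n back into the levels it enables."""
    if not 0 <= n <= 255:
        raise ValueError("Trace n must be in the range 0 - 255")
    return [label for bit, label in TRACE_LEVELS.items() if n & bit]


def errors_to_joblog(n):
    """Odd n means the 1 bit is set, so errors go to the TCP/IP joblog."""
    return n % 2 == 1


def render_connection_action(name, handshake_role=None, cipher_parms_ref=None,
                             signature_parms_ref=None, ctrace_clear_text=None,
                             trace=None, advanced_parms_ref=None,
                             user_instance=None):
    """Emit a TTLSConnectionAction stanza, validating each documented range."""
    if not 1 <= len(name) <= 32:
        raise ValueError("name must be 1 - 32 characters")
    if handshake_role is not None and handshake_role not in HANDSHAKE_ROLES:
        raise ValueError(f"HandshakeRole must be one of {HANDSHAKE_ROLES}")
    if ctrace_clear_text is not None and ctrace_clear_text not in ("On", "Off"):
        raise ValueError("CtraceClearText must be On or Off")
    if trace is not None and not 0 <= trace <= 255:
        raise ValueError("Trace n must be in the range 0 - 255")
    if user_instance is not None and not 0 <= user_instance <= 65535:
        raise ValueError("ConnectionUserInstance n must be in the range 0 - 65535")

    # Only parameters actually given are emitted; anything omitted keeps the
    # value inherited from the TTLSEnvironmentAction or TTLSGroupAction
    # statement referenced by the same TTLSRule.
    settings = [
        ("HandshakeRole", handshake_role),
        ("TTLSCipherParmsRef", cipher_parms_ref),
        ("TTLSSignatureParmsRef", signature_parms_ref),
        ("CtraceClearText", ctrace_clear_text),
        ("Trace", trace),
        ("TTLSConnectionAdvancedParmsRef", advanced_parms_ref),
        ("ConnectionUserInstance", user_instance),
    ]
    body = [f"  {key}  {value}" for key, value in settings if value is not None]
    return "\n".join([f"TTLSConnectionAction  {name}", "{", *body, "}"])


if __name__ == "__main__":
    # Constructed sample: a server-side override that traces errors to both
    # the joblog and syslogd plus connection mapping info (1 + 2 + 4 = 7).
    n = trace_value(1, 2, 4)
    print(render_connection_action("connAct1", handshake_role="ServerWithClientAuth",
                                   cipher_parms_ref="cipherParms1", trace=n,
                                   ctrace_clear_text="Off", user_instance=1))
    print("Trace", n, "enables:", decode_trace(n))
```

The renderer deliberately emits only the parameters it is given, because every omitted parameter falls back to the referenced TTLSEnvironmentAction or TTLSGroupAction value; a generator that always wrote a default would silently override inherited settings. CtraceClearText is worth the same care: On writes application data into the trace unencrypted, so a policy generator should emit it only for a specific diagnostic run and otherwise leave the inherited Off in effect.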