
ssl-dtlsProfile

The following operations can be performed on "ssl-dtlsProfile":

add | rm | set | unset | show

add ssl dtlsProfile

Create a new DTLS profile on the Citrix ADC.

Synopsis

add ssl dtlsProfile <name> [-pmtuDiscovery ( ENABLED | DISABLED )] [-maxRecordSize <positive_integer>] [-maxRetryTime <positive_integer>] [-helloVerifyRequest ( ENABLED | DISABLED )] [-terminateSession ( ENABLED | DISABLED )] [-maxPacketSize <positive_integer>]

Arguments

name

Name for the DTLS profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals sign (=), and hyphen (-) characters. Cannot be changed after the profile is created.

pmtuDiscovery

Source for the maximum record size value. If ENABLED, the value is taken from the PMTU table. If DISABLED, the value is taken from the profile.

Possible values: ENABLED, DISABLED
Default value: DISABLED

maxRecordSize

Maximum size of records that can be sent if PMTU is disabled.
Default value: 1459
Minimum value: 250
Maximum value: 1459

maxRetryTime

Wait for the specified time, in seconds, before resending the request.
Default value: 3
Minimum value: 0

helloVerifyRequest

Send a Hello Verify request to validate the client.

Possible values: ENABLED, DISABLED
Default value: DISABLED

terminateSession

Terminate the session if the message authentication code (MAC) of the client and server do not match.

Possible values: ENABLED, DISABLED
Default value: DISABLED

maxPacketSize

Maximum number of packets to reassemble. This value helps protect against a fragmented packet attack.
Default value: 120
Minimum value: 0
Maximum value: 86400

Example

add ssl dtlsProfile dtls1 -helloVerifyRequest ENABLED -maxRetryTime 4

rm ssl dtlsProfile

Remove a DTLS profile on the Citrix ADC.

Synopsis

rm ssl dtlsProfile <name>

Arguments

name

Name of the DTLS profile.

Example

rm ssl dtlsProfile <name>

set ssl dtlsProfile

Set/modify DTLS profile values

Synopsis

set ssl dtlsProfile <name> [-pmtuDiscovery ( ENABLED | DISABLED )] [-maxRecordSize <positive_integer>] [-maxRetryTime <positive_integer>] [-helloVerifyRequest ( ENABLED | DISABLED )] [-terminateSession ( ENABLED | DISABLED )] [-maxPacketSize <positive_integer>]

Arguments

name

Name for the DTLS profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals sign (=), and hyphen (-) characters. Cannot be changed after the profile is created.

pmtuDiscovery

Source for the maximum record size value. If ENABLED, the value is taken from the PMTU table. If DISABLED, the value is taken from the profile.

Possible values: ENABLED, DISABLED
Default value: DISABLED

maxRecordSize

Maximum size of records that can be sent if PMTU is disabled.
Default value: 1459
Minimum value: 250
Maximum value: 1459

maxRetryTime

Wait for the specified time, in seconds, before resending the request.
Default value: 3
Minimum value: 0

helloVerifyRequest

Send a Hello Verify request to validate the client.

Possible values: ENABLED, DISABLED
Default value: DISABLED

terminateSession

Terminate the session if the message authentication code (MAC) of the client and server do not match.

Possible values: ENABLED, DISABLED
Default value: DISABLED

maxPacketSize

Maximum number of packets to reassemble. This value helps protect against a fragmented packet attack.
Default value: 120
Minimum value: 0
Maximum value: 86400

Example

set ssl dtlsProfile <name> -helloVerifyRequest ENABLED -maxRetryTime 4
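As an added example (not Citrix's code and not part of the original reference), the Python script below replays add/set/unset ssl dtlsProfile lines from a saved or drafted configuration and reports profiles whose effective helloVerifyRequest or terminateSession is not ENABLED, or whose numeric values fall outside the ranges documented above. The function names, the sample lines, and the choice to start a profile first seen in a set command from the documented defaults are assumptions.

```python
import re
import shlex

# Defaults and numeric ranges exactly as documented on this page.
DEFAULTS = {"pmtuDiscovery": "DISABLED", "maxRecordSize": "1459",
            "maxRetryTime": "3", "helloVerifyRequest": "DISABLED",
            "terminateSession": "DISABLED", "maxPacketSize": "120"}
RANGES = {"maxRecordSize": (250, 1459), "maxRetryTime": (0, float("inf")),
          "maxPacketSize": (0, 86400)}
CANON = {k.lower(): k for k in DEFAULTS}   # keywords matched case-insensitively here
CMD = re.compile(r"\s*(add|set|unset)\s+ssl\s+dtlsProfile\s+(\S.*)", re.I)

def load_profiles(config_text):
    """Replay add/set/unset ssl dtlsProfile lines into {name: settings}."""
    profiles = {}
    for line in config_text.splitlines():
        m = CMD.match(line)
        if not m:
            continue
        name, *args = shlex.split(m.group(2))   # quoted names may contain spaces
        # Assumption: a profile first seen in "set" starts from the documented defaults.
        cfg = profiles.setdefault(name, dict(DEFAULTS))
        unset = m.group(1).lower() == "unset"   # unset takes bare -flags, add/set take pairs
        step = 1 if unset else 2
        for i in range(0, len(args) - step + 1, step):
            key = CANON.get(args[i].lstrip("-").lower())
            if key:
                cfg[key] = DEFAULTS[key] if unset else args[i + 1].upper()
    return profiles

def audit(profiles):
    """Return sorted (profile, finding) pairs for a reviewer."""
    out = []
    for name, cfg in profiles.items():
        for flag in ("helloVerifyRequest", "terminateSession"):
            if cfg[flag] != "ENABLED":
                out.append((name, f"{flag} is {cfg[flag]}"))
        for key, (lo, hi) in RANGES.items():
            if not cfg[key].isdigit() or not lo <= int(cfg[key]) <= hi:
                out.append((name, f"{key}={cfg[key]} outside documented range"))
    return sorted(out)

# Constructed sample lines, not taken from a real appliance.
SAMPLE = '''add ssl dtlsProfile dtls1 -helloVerifyRequest ENABLED -maxRetryTime 4
add ssl dtlsProfile "vpn dtls" -maxRecordSize 1500 -helloVerifyRequest ENABLED
set ssl dtlsProfile dtls1 -terminateSession ENABLED
unset ssl dtlsProfile dtls1 -helloVerifyRequest
'''
print(audit(load_profiles(SAMPLE)))
```

The final unset line puts helloVerifyRequest on dtls1 back to its DISABLED default, which is why replaying the commands in order catches what a check of the add line alone would miss.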

unset ssl dtlsProfile

Use this command to remove ssl dtlsProfile settings. Refer to the set ssl dtlsProfile command for meanings of the arguments.

Synopsis

unset ssl dtlsProfile <name> [-pmtuDiscovery] [-maxRecordSize] [-maxRetryTime] [-helloVerifyRequest] [-terminateSession] [-maxPacketSize]

show ssl dtlsProfile

Display all the configured DTLS profiles in the system. If a name is specified, then only that profile is shown.

Synopsis

show ssl dtlsProfile [<name>]

Arguments

name

Name of the DTLS profile.

Output

pmtuDiscovery

PMTU Discovery

maxRecordSize

Maximum record size

maxRetryTime

Maximum retry time

helloVerifyRequest

Hello Verify Request

terminateSession

Terminate Session

maxPacketSize

Maximum Packet Size

builtin

Flag to determine whether the DTLS profile is built-in or not.

feature

The feature to be checked while applying this config.

devno

count

stateflag

Example

show ssl dtlsProfile [<name>]
