getsslserviceResult Structure Definition

The getsslserviceResult structure defines the return type for getsslservice API.

Syntax



Members

rc

If the method succeeds, rc is 0; otherwise rc > 0. Values above 0x8000 indicate warnings rather than errors.

message

If the method succeeds, message is NULL; otherwise message contains the error or warning message.

sslserviceList

List of sslservice structures (defined below).


sslservice Structure Definition

The sslservice structure defines the actual return type values for getsslservice API.

Syntax



Members

servicename

Name of the SSL service for which to show detailed information.

crlcheck

The state of the CRL check parameter. (Mandatory/Optional)

dh

The state of Diffie-Hellman (DH) key exchange support.

dhfile

The file name and path for the DH parameter.

dhcount

The refresh count for regeneration of DH public-key and private-key from the DH parameter.

dhkeyexpsizelimit

This option enables the use of the NIST-recommended (NIST Special Publication 800-56A) bit size for the DH private key. For example, for DH parameters of size 2048 bits, the recommended private-key size is 224 bits, which is rounded up to 256 bits.

ersa

The state of Ephemeral RSA key exchange support. Ephemeral RSA is used for export ciphers.

ersacount

The refresh count for regeneration of the RSA public-key and private-key pair.

sessreuse

The state of session reuse support.

sesstimeout

The session timeout value in seconds.

cipherredirect

The state of the Cipher Redirect feature. Cipher Redirect can be used to provide more readable information to SSL clients about a cipher mismatch between the client and the SSL vserver.

cipherurl

The redirect URL to be used with the Cipher Redirect feature.

sslv2redirect

The state of the SSLv2 Redirect feature. SSLv2 Redirect can be used to provide more readable information to SSL clients about the lack of SSLv2 protocol support on the SSL vserver.

sslv2url

The redirect URL to be used with the SSLv2 Redirect feature.

clientauth

The state of Client-Authentication support.

clientcert

The rule for client certificate requirement in client authentication.

sslredirect

The state of HTTPS redirect feature.

redirectportrewrite

The state of port rewrite feature.

nonfipsciphers

The state of usage of non-FIPS-approved ciphers.

ssl2

The state of SSLv2 protocol support.

ssl3

The state of SSLv3 protocol support.

tls1

The state of TLSv1.0 protocol support.

tls11

The state of TLSv1.1 protocol support.

tls12

The state of TLSv1.2 protocol support.

tls13

The state of TLSv1.3 protocol support.

dtls1

The state of DTLSv1.0 protocol support.

dtls12

The state of DTLSv1.2 protocol support.

snienable

The state of SNI extension. Server Name Indication (SNI) helps to enable SSL encryption on multiple subdomains if the domains are controlled by the same organization and share the same second-level domain name.

ocspstapling

State of OCSP stapling support on the SSL virtual server. Supported only if the protocol used is higher than SSLv3. Possible values: ENABLED: The appliance sends a request to the OCSP responder to check the status of the server certificate and caches the response for the specified time. If the response is valid at the time of SSL handshake with the client, the OCSP-based server certificate status is sent to the client during the handshake. DISABLED: The appliance does not check the status of the server certificate.

serverauth

The state of Server-Authentication support.

commonname

Name to be checked against the CommonName (CN) field in the server certificate bound to the SSL server.

cipheraliasname/ciphername/ciphergroupname

The cipher group/alias/individual cipher configuration.

ciphername

The cipher group/alias/individual cipher configuration.

description

The cipher suite description.

certkeyname

The certificate key pair binding.

policyname

The SSL policy binding.

invoke

Invoke flag. This attribute is relevant only for ADVANCED policies.

labeltype

Type of policy label invocation.

labelname

Name of the label to invoke if the current policy rule evaluates to TRUE.

cleartextport

The clearTextPort settings.

service


priority

The priority of the policies bound to this SSL service.

type

The phase of the SSL connection in which the policy rule is evaluated. Possible value: SERVER_AUTH_VAL_REQ. The bind point means: 1. SERVER_AUTH_VAL_REQ: policy evaluation is performed during the verification of the server certificate. The action allowed with this type is OCSPCERTVALIDATION.

polinherit

Whether the bound policy is an inherited policy.

ocspcheck

Rule to use for the OCSP responder associated with the CA certificate during client authentication. If MANDATORY is specified, deny all SSL clients if the OCSP check fails because of connectivity issues with the remote OCSP server, or any other reason that prevents the OCSP check. With the OPTIONAL setting, allow SSL clients even if the OCSP check fails except when the client certificate is revoked.

pushenctrigger

PUSH packet triggering encryption. Possible values: Always, Ignore, Merge.

ca

CA certificate.

snicert

The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.

gotopriorityexpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

skipcaname

Flag indicating whether this CA certificate's CA_Name is sent to the SSL client when requesting a client certificate during an SSL handshake.

sendclosenotify

Enable sending an SSL close_notify alert at the end of a transaction.

dtlsprofilename

Name of the DTLS profile that contains DTLS settings for the service.

dtlsflag

Flag indicating whether DTLS is set.

quicflag

This flag is used to indicate the use of the QUIC transport protocol by a virtual server or service.

ecccurvename

Named ECC curve bound to service/vserver.

sslprofile

Name of the SSL profile that contains SSL settings for the service.

strictsigdigestcheck

Parameter indicating whether to check that the peer's certificate in a TLS 1.2 handshake is signed with one of the signature-hash combinations supported by Citrix ADC.

cipherdefaulton

Flag indicating whether the bound cipher was the DEFAULT cipher, bound at boot time, or any other cipher bound from the CLI.

cacertbundlename

CA certbundle name bound to the service.

skipcacertbundle

Flag indicating whether all CA_Names in this CA certificate bundle are sent to the SSL client when requesting a client certificate during an SSL handshake.

sslclientlogs

This parameter is used to enable or disable the logging of additional information, such as the Session ID and SNI name, from SSL handshakes to the audit logs.

_nextgenapiresource


boundskipcaname


boundskipcaname2

