Home > Configuration > SSL > setsslvserver_dhekeyexchangewithpsk

setsslvserver_dhekeyexchangewithpsk

Use this method to set whether or not the SSL Virtual Server will require a DHE key exchange to occur when a PSK is accepted during a TLS 1.3 resumption handshake.
A DHE key exchange ensures forward secrecy even in the event that ticket keys are compromised, at the expense of an additional round trip and resources required to carry out the DHE key exchange.
If disabled, a DHE key exchange will be performed when a PSK is accepted but only if requested by the client.
If enabled, the server will require a DHE key exchange when a PSK is accepted regardless of whether the client supports combined PSK-DHE key exchange. This setting only has an effect when resumption is enabled.

Syntax



Parameters

vservername

Name of the SSL virtual server for which to set advanced configuration.
This is mandatory parameter.

dhekeyexchangewithpsk

Whether or not the SSL Virtual Server will require a DHE key exchange to occur when a PSK is accepted during a TLS 1.3 resumption handshake. A DHE key exchange ensures forward secrecy even in the event that ticket keys are compromised, at the expense of an additional round trip and resources required to carry out the DHE key exchange. If disabled, a DHE key exchange will be performed when a PSK is accepted but only if requested by the client. If enabled, the server will require a DHE key exchange when a PSK is accepted regardless of whether the client supports combined PSK-DHE key exchange. This setting only has an effect when resumption is enabled.
Default value = NO.
Possible Values : YES, NO.

Return Value

Returns simpleResult

See Also


bindsslvserver_cacertbundle

bindsslvserver_certkey

bindsslvserver_certkeybundle

bindsslvserver_cipher

bindsslvserver_ecccurve

bindsslvserver_policy

getsslvserver

setsslvserver_cipherredirect

setsslvserver_cleartextport

setsslvserver_clientauth

setsslvserver_defaultsni

setsslvserver_dh

setsslvserver_dhcount

setsslvserver_dhkeyexpsizelimit

setsslvserver_dtls1

setsslvserver_dtls12

setsslvserver_dtlsprofile

setsslvserver_ersa

setsslvserver_hsts

setsslvserver_includesubdomains

setsslvserver_maxage

setsslvserver_ocspstapling

setsslvserver_preload

setsslvserver_pushenctrigger

setsslvserver_redirectportrewrite

setsslvserver_sendclosenotify

setsslvserver_sessreuse

setsslvserver_snienable

setsslvserver_ssl2

setsslvserver_ssl3

setsslvserver_sslclientlogs

setsslvserver_sslprofile

setsslvserver_sslredirect

setsslvserver_sslv2redirect

setsslvserver_strictsigdigestcheck

setsslvserver_tls1

setsslvserver_tls11

setsslvserver_tls12

setsslvserver_tls13

setsslvserver_tls13sessionticketsperauthcontext

setsslvserver_zerorttearlydata

statsslvserver

unbindsslvserver_cacertbundle

unbindsslvserver_certkey

unbindsslvserver_certkeybundle

unbindsslvserver_cipher

unbindsslvserver_ecccurve

unbindsslvserver_policy

unsetsslvserver_cipherredirect

unsetsslvserver_cipherurl

unsetsslvserver_cleartextport

unsetsslvserver_clientauth

unsetsslvserver_clientcert

unsetsslvserver_defaultsni

unsetsslvserver_dh

unsetsslvserver_dhcount

unsetsslvserver_dhekeyexchangewithpsk

unsetsslvserver_dhfile

unsetsslvserver_dhkeyexpsizelimit

unsetsslvserver_dtls1

unsetsslvserver_dtls12

unsetsslvserver_dtlsprofile

unsetsslvserver_ersa

unsetsslvserver_ersacount

unsetsslvserver_hsts

unsetsslvserver_includesubdomains

unsetsslvserver_maxage

unsetsslvserver_ocspstapling

unsetsslvserver_preload

unsetsslvserver_redirectportrewrite

unsetsslvserver_sendclosenotify

unsetsslvserver_sessreuse

unsetsslvserver_sesstimeout

unsetsslvserver_snienable

unsetsslvserver_ssl2

unsetsslvserver_ssl3

unsetsslvserver_sslclientlogs

unsetsslvserver_sslprofile

unsetsslvserver_sslredirect

unsetsslvserver_sslv2redirect

unsetsslvserver_sslv2url

unsetsslvserver_strictsigdigestcheck

unsetsslvserver_tls1

unsetsslvserver_tls11

unsetsslvserver_tls12

unsetsslvserver_tls13

unsetsslvserver_tls13sessionticketsperauthcontext

unsetsslvserver_zerorttearlydata