Home > Configuration > SSL > setsslvserver_ersa

setsslvserver_ersa

Use this method to set state of Ephemeral RSA (eRSA) key exchange. Ephemeral RSA allows clients that support only export ciphers to communicate with the secure server even if the server certificate does not support export clients. The ephemeral RSA key is automatically generated when you bind an export cipher to an SSL or TCP-based SSL virtual server or service. When you remove the export cipher, the eRSA key is not deleted. It is reused at a later date when another export cipher is bound to an SSL or TCP-based SSL virtual server or service. The eRSA key is deleted when the appliance restarts.

Syntax



Parameters

vservername

Name of the SSL virtual server for which to set advanced configuration.
This is mandatory parameter.

ersa

State of Ephemeral RSA (eRSA) key exchange. Ephemeral RSA allows clients that support only export ciphers to communicate with the secure server even if the server certificate does not support export clients. The ephemeral RSA key is automatically generated when you bind an export cipher to an SSL or TCP-based SSL virtual server or service. When you remove the export cipher, the eRSA key is not deleted. It is reused at a later date when another export cipher is bound to an SSL or TCP-based SSL virtual server or service. The eRSA key is deleted when the appliance restarts.
Default value = ENABLED.
Possible Values : ENABLED, DISABLED.

ersacount

Refresh count for regeneration of the RSA public-key and private-key pair. Zero (0) specifies infinite usage (no refresh).
Maximum value = 65534.

Return Value

Returns simpleResult

See Also


bindsslvserver_cacertbundle

bindsslvserver_certkey

bindsslvserver_certkeybundle

bindsslvserver_cipher

bindsslvserver_ecccurve

bindsslvserver_policy

getsslvserver

setsslvserver_cipherredirect

setsslvserver_cleartextport

setsslvserver_clientauth

setsslvserver_defaultsni

setsslvserver_dh

setsslvserver_dhcount

setsslvserver_dhekeyexchangewithpsk

setsslvserver_dhkeyexpsizelimit

setsslvserver_dtls1

setsslvserver_dtls12

setsslvserver_dtlsprofile

setsslvserver_hsts

setsslvserver_includesubdomains

setsslvserver_maxage

setsslvserver_ocspstapling

setsslvserver_preload

setsslvserver_pushenctrigger

setsslvserver_redirectportrewrite

setsslvserver_sendclosenotify

setsslvserver_sessreuse

setsslvserver_snienable

setsslvserver_ssl2

setsslvserver_ssl3

setsslvserver_sslclientlogs

setsslvserver_sslprofile

setsslvserver_sslredirect

setsslvserver_sslv2redirect

setsslvserver_strictsigdigestcheck

setsslvserver_tls1

setsslvserver_tls11

setsslvserver_tls12

setsslvserver_tls13

setsslvserver_tls13sessionticketsperauthcontext

setsslvserver_zerorttearlydata

statsslvserver

unbindsslvserver_cacertbundle

unbindsslvserver_certkey

unbindsslvserver_certkeybundle

unbindsslvserver_cipher

unbindsslvserver_ecccurve

unbindsslvserver_policy

unsetsslvserver_cipherredirect

unsetsslvserver_cipherurl

unsetsslvserver_cleartextport

unsetsslvserver_clientauth

unsetsslvserver_clientcert

unsetsslvserver_defaultsni

unsetsslvserver_dh

unsetsslvserver_dhcount

unsetsslvserver_dhekeyexchangewithpsk

unsetsslvserver_dhfile

unsetsslvserver_dhkeyexpsizelimit

unsetsslvserver_dtls1

unsetsslvserver_dtls12

unsetsslvserver_dtlsprofile

unsetsslvserver_ersa

unsetsslvserver_ersacount

unsetsslvserver_hsts

unsetsslvserver_includesubdomains

unsetsslvserver_maxage

unsetsslvserver_ocspstapling

unsetsslvserver_preload

unsetsslvserver_redirectportrewrite

unsetsslvserver_sendclosenotify

unsetsslvserver_sessreuse

unsetsslvserver_sesstimeout

unsetsslvserver_snienable

unsetsslvserver_ssl2

unsetsslvserver_ssl3

unsetsslvserver_sslclientlogs

unsetsslvserver_sslprofile

unsetsslvserver_sslredirect

unsetsslvserver_sslv2redirect

unsetsslvserver_sslv2url

unsetsslvserver_strictsigdigestcheck

unsetsslvserver_tls1

unsetsslvserver_tls11

unsetsslvserver_tls12

unsetsslvserver_tls13

unsetsslvserver_tls13sessionticketsperauthcontext

unsetsslvserver_zerorttearlydata