If the method succeeds, rc is 0 else rc > 0. Values above 0x8000 indicate Warnings.

If the method succeeds, message is NULL else message contains Error/Warning message.

List of sslservicegroups

Name of the SSL service group for which to show detailed information.

The state of DH key exchange support for the SSL service group.

The file name and path for the DH parameter.

The refresh count for the re-generation of DH public-key and private-key from the DH parameter.

This option enables the use of NIST recommended (NIST Special Publication 800-56A) bit size for private-key size. For example, for DH params of size 2048bit, the private-key size recommended is 224bits. This is rounded-up to 256bits.

The state of Ephemeral RSA key exchange support for the SSL service group.Ephemeral RSA is used for export ciphers.

The refresh count for the re-generation of RSA public-key and private-key pair.

The state of session re-use support for the SSL service group.

The Session timeout value in seconds.

The state of Cipher Redirect feature. Cipher Redirect feature can be used to provide more readable information to SSL clients about mismatch in ciphers between the client and the SSL vserver.

The redirect URL to be used with the Cipher Redirect feature.

The state of SSLv2 Redirect feature.SSLv2 Redirect feature can be used to provide more readable information to SSL client about non-support of SSLv2 protocol on the SSL vserver.

The redirect URL to be used with SSLv2 Redirect feature.

The state of Client-Authentication support for the SSL service group.

The rule for client certificate requirement in client authentication.

The state of HTTPS redirects for the SSL service group. This is required for the proper functioning of the redirect messages from the server. The redirect message from the server provides the new location for the moved object. This is contained in the HTTP header field: Location, e.g. Location: http://www.moved.org/here.html For the SSL session, if the client browser receives this message, the browser will try to connect to the new location. This will break the secure SSL session, as the object has moved from a secure site (https://) to an un-secure one (http://). Generally browsers flash a warning message on the screen and prompt the user, either to continue or disconnect. The above feature, when enabled will automatically convert all such http:// redirect message to https://. This will not break the client SSL session. Note: The set ssl service method can be used for configuring a front-end SSL service for service based SSL Off-Loading, or a backend SSL service for backend-encryption setup.

The state of port-rewrite feature.

The state of usage of non FIPS approved ciphers.

The state of SSLv2 protocol support for the SSL service group.

State of SSLv3 protocol support for the SSL service group. Note: On platforms with SSL acceleration chips, if the SSL chip does not support SSLv3, this parameter cannot be set to ENABLED.

State of TLSv1.0 protocol support for the SSL service group.

State of TLSv1.1 protocol support for the SSL service group.

State of TLSv1.2 protocol support for the SSL service group.

State of TLSv1.3 protocol support for the SSL service group.

The state of SNI extension. Server Name Indication (SNI) helps to enable SSL encryption on multiple subdomains if the domains are controlled by the same organization and share the same second-level domain name.

State of OCSP stapling support on the SSL virtual server. Supported only if the protocol used is higher than SSLv3. Possible values: ENABLED: The appliance sends a request to the OCSP responder to check the status of the server certificate and caches the response for the specified time. If the response is valid at the time of SSL handshake with the client, the OCSP-based server certificate status is sent to the client during the handshake. DISABLED: The appliance does not check the status of the server certificate.

The state of the server authentication configuration for the SSL service group. For SSL deployments where data is encrypted end-to-end using SSL, you can authenticate the server.

Name to be checked against the CommonName (CN) field in the server certificate bound to the SSL server

The name of the cipher group/alias/name configured for the SSL service group.

The name of the cipher group/alias/name configured for the SSL service group.

The state of the OCSP check parameter. (Mandatory/Optional)

The state of the CRL check parameter. (Mandatory/Optional)

The description of the cipher.

The name of the certificate bound to the SSL service group.

The port on the back-end web-servers where the clear-text data is sent by system. Use this setting for the wildcard IP based SSL Acceleration configuration (*:443).

The service name.

CA certificate.

The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.

Enable sending SSL Close-Notify at the end of a transaction

Named ECC curve bound to servicegroup.

This flag is used to indicate the use of the QUIC transport protocol by a virtual server or service.

Name of the SSL profile that contains SSL settings for the Service Group.

Parameter indicating to check whether peer's certificate is signed with one of signature-hash combination supported by Citrix ADC

CA certbundle name bound to the servicegroup.

This parameter is used to enable or disable the logging of additional information, such as the Session ID and SNI names, from SSL handshakes to the audit logs.