Home > Configuration > SSL > setsslprofile_allowextendedmastersecret

setsslprofile_allowextendedmastersecret

Use this method to set when set to YES, attempt to use the TLS Extended Master Secret (EMS, as
described in RFC 7627) when negotiating TLS 1.0, TLS 1.1 and TLS 1.2
connection parameters. EMS must be supported by both the TLS client and server
in order to be enabled during a handshake. This setting applies to both
frontend and backend SSL profiles.

Syntax



Parameters

name

Name for the SSL profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the profile is created.
This is mandatory parameter.

allowextendedmastersecret

When set to YES, attempt to use the TLS Extended Master Secret (EMS, as described in RFC 7627) when negotiating TLS 1.0, TLS 1.1 and TLS 1.2 connection parameters. EMS must be supported by both the TLS client and server in order to be enabled during a handshake. This setting applies to both frontend and backend SSL profiles.
Default value = NO.
Possible Values : YES, NO.

Return Value

Returns simpleResult

See Also


addsslprofile

bindsslprofile_certkey

bindsslprofile_cipher

bindsslprofile_cipherpriority

bindsslprofile_ecccurve

bindsslprofile_echconfig

bindsslprofile_sslicacertkey

getsslprofile

rmsslprofile

setsslprofile_allowlegacykdf

setsslprofile_alpnprotocol

setsslprofile_cipher

setsslprofile_cipherredirect

setsslprofile_cleartextport

setsslprofile_clientauth

setsslprofile_clientauthuseboundcachain

setsslprofile_common

setsslprofile_defaultsni

setsslprofile_denysslreneg

setsslprofile_dh

setsslprofile_dhcount

setsslprofile_dhekeyexchangewithpsk

setsslprofile_dhkeyexpsizelimit

setsslprofile_dropreqwithnohostheader

setsslprofile_dynamicclientcert

setsslprofile_encryptedclienthello

setsslprofile_encrypttriggerpktcount

setsslprofile_ersa

setsslprofile_hsts

setsslprofile_includesubdomains

setsslprofile_insertionencoding

setsslprofile_maxage

setsslprofile_ocspstapling

setsslprofile_preload

setsslprofile_prevsessionkeylifetime

setsslprofile_pushenctrigger

setsslprofile_pushenctriggertimeout

setsslprofile_pushflag

setsslprofile_quantumsize

setsslprofile_redirectportrewrite

setsslprofile_sendclosenotify

setsslprofile_serverauth

setsslprofile_sessionkeylifetime

setsslprofile_sessionticket

setsslprofile_sessionticketkeydata

setsslprofile_sessionticketkeyrefresh

setsslprofile_sessionticketlifetime

setsslprofile_sessreuse

setsslprofile_skipclientcertpolicycheck

setsslprofile_snienable

setsslprofile_snihttphostmatch

setsslprofile_ssl3

setsslprofile_sslclientlogs

setsslprofile_sslimaxsessperserver

setsslprofile_sslinterception

setsslprofile_ssliocspcheck

setsslprofile_sslireneg

setsslprofile_ssllogprofile

setsslprofile_sslredirect

setsslprofile_ssltriggertimeout

setsslprofile_strictcachecks

setsslprofile_strictsigdigestcheck

setsslprofile_tls1

setsslprofile_tls11

setsslprofile_tls12

setsslprofile_tls13

setsslprofile_tls13sessionticketsperauthcontext

setsslprofile_zerorttearlydata

unbindsslprofile_certkey

unbindsslprofile_cipher

unbindsslprofile_ecccurve

unbindsslprofile_echconfig

unbindsslprofile_sslicacertkey

unsetsslprofile_allowextendedmastersecret

unsetsslprofile_allowlegacykdf

unsetsslprofile_allowunknownsni

unsetsslprofile_alpnprotocol

unsetsslprofile_cipher

unsetsslprofile_cipherpriority

unsetsslprofile_cipherredirect

unsetsslprofile_cipherurl

unsetsslprofile_cleartextport

unsetsslprofile_clientauth

unsetsslprofile_clientauthuseboundcachain

unsetsslprofile_clientcert

unsetsslprofile_common

unsetsslprofile_defaultsni

unsetsslprofile_denysslreneg

unsetsslprofile_dh

unsetsslprofile_dhcount

unsetsslprofile_dhekeyexchangewithpsk

unsetsslprofile_dhfile

unsetsslprofile_dhkeyexpsizelimit

unsetsslprofile_dropreqwithnohostheader

unsetsslprofile_dynamicclientcert

unsetsslprofile_encryptedclienthello

unsetsslprofile_encrypttriggerpktcount

unsetsslprofile_ersa

unsetsslprofile_ersacount

unsetsslprofile_hsts

unsetsslprofile_includesubdomains

unsetsslprofile_insertionencoding

unsetsslprofile_maxage

unsetsslprofile_maxrenegrate

unsetsslprofile_ocspstapling

unsetsslprofile_preload

unsetsslprofile_prevsessionkeylifetime

unsetsslprofile_pushenctrigger

unsetsslprofile_pushenctriggertimeout

unsetsslprofile_pushflag

unsetsslprofile_quantumsize

unsetsslprofile_redirectportrewrite

unsetsslprofile_sendclosenotify

unsetsslprofile_serverauth

unsetsslprofile_sessionkeylifetime

unsetsslprofile_sessionticket

unsetsslprofile_sessionticketkeydata

unsetsslprofile_sessionticketkeyrefresh

unsetsslprofile_sessionticketlifetime

unsetsslprofile_sessreuse

unsetsslprofile_sesstimeout

unsetsslprofile_skipclientcertpolicycheck

unsetsslprofile_snienable

unsetsslprofile_snihttphostmatch

unsetsslprofile_ssl3

unsetsslprofile_sslclientlogs

unsetsslprofile_sslimaxsessperserver

unsetsslprofile_sslinterception

unsetsslprofile_ssliocspcheck

unsetsslprofile_sslireneg

unsetsslprofile_ssllogprofile

unsetsslprofile_sslredirect

unsetsslprofile_ssltriggertimeout

unsetsslprofile_strictcachecks

unsetsslprofile_strictsigdigestcheck

unsetsslprofile_tls1

unsetsslprofile_tls11

unsetsslprofile_tls12

unsetsslprofile_tls13

unsetsslprofile_tls13sessionticketsperauthcontext

unsetsslprofile_zerorttearlydata