-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsslprofile_cmds_20230614-170337.txt
825 lines (653 loc) · 44.3 KB
/
sslprofile_cmds_20230614-170337.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
#################### THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL VSERVER WITH SAME SETTINGS #####################
add ssl profile vs_profile_1
unbind ssl profile vs_profile_1 -cipherName DEFAULT
set ssl profile vs_profile_1 -denySSLReneg NO
set ssl profile vs_profile_1 -quantumSize 16384
set ssl profile vs_profile_1 -sslTriggerTimeout 150
set ssl profile vs_profile_1 -sendCloseNotify NO
set ssl profile vs_profile_1 -encryptTriggerPktCount 35
set ssl profile vs_profile_1 -insertionEncoding UTF-8
set ssl profile vs_profile_1 -pushFlag 1
set ssl profile vs_profile_1 -SNIHTTPHostMatch STRICT
set ssl profile vs_profile_1 -pushEncTriggerTimeout 2
set ssl profile vs_profile_1 -dropReqWithNoHostHeader YES
set ssl profile vs_profile_1 -clientAuth ENABLED -clientCert Optional
set ssl profile vs_profile_1 -SNIEnable ENABLED
set ssl profile vs_profile_1 -ocspStapling ENABLED
set ssl profile vs_profile_1 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -dhCount 1000
set ssl profile vs_profile_1 -eRSA ENABLED -eRSACount 1000
set ssl profile vs_profile_1 -sessReuse ENABLED -sessTimeout 200
set ssl profile vs_profile_1 -cipherRedirect ENABLED
set ssl profile vs_profile_1 -sslRedirect ENABLED
set ssl profile vs_profile_1 -HSTS ENABLED -maxage 200000 -IncludeSubdomains YES -preload YES
set ssl profile vs_profile_1 -ssl3 DISABLED
set ssl profile vs_profile_1 -tls1 DISABLED
set ssl profile vs_profile_1 -tls11 DISABLED
set ssl profile vs_profile_1 -tls13 ENABLED
set ssl profile vs_profile_1 -pushEncTrigger Ignore
set ssl profile vs_profile_1 -sendCloseNotify NO
set ssl profile vs_profile_1 -strictSigDigestCheck ENABLED
set ssl profile vs_profile_1 -zeroRttEarlyData ENABLED
set ssl profile vs_profile_1 -dheKeyExchangeWithPsk YES
set ssl profile vs_profile_1 -tls13SessionTicketsPerAuthContext 10
bind ssl profile vs_profile_1 -cipherName DEFAULT
bind ssl profile vs_profile_1 -cipherName cg1
bind ssl profile vs_profile_1 -cipherName cg2
set ssl vserver v2 -sslprofile vs_profile_1
set ssl vserver v3 -sslprofile vs_profile_1
add ssl profile vs_profile_2
set ssl profile vs_profile_2 -denySSLReneg NO
set ssl profile vs_profile_2 -quantumSize 16384
set ssl profile vs_profile_2 -sslTriggerTimeout 150
set ssl profile vs_profile_2 -sendCloseNotify NO
set ssl profile vs_profile_2 -encryptTriggerPktCount 35
set ssl profile vs_profile_2 -insertionEncoding UTF-8
set ssl profile vs_profile_2 -pushFlag 1
set ssl profile vs_profile_2 -SNIHTTPHostMatch STRICT
set ssl profile vs_profile_2 -pushEncTriggerTimeout 2
set ssl profile vs_profile_2 -dropReqWithNoHostHeader YES
set ssl profile vs_profile_2 -sessReuse DISABLED
set ssl profile vs_profile_2 -sendCloseNotify NO
set ssl vserver v10 -sslprofile vs_profile_2
set ssl profile ns_default_ssl_profile_frontend -denySSLReneg NO
set ssl profile ns_default_ssl_profile_frontend -quantumSize 16384
set ssl profile ns_default_ssl_profile_frontend -sslTriggerTimeout 150
set ssl profile ns_default_ssl_profile_frontend -sendCloseNotify NO
set ssl profile ns_default_ssl_profile_frontend -encryptTriggerPktCount 35
set ssl profile ns_default_ssl_profile_frontend -insertionEncoding UTF-8
set ssl profile ns_default_ssl_profile_frontend -pushFlag 1
set ssl profile ns_default_ssl_profile_frontend -SNIHTTPHostMatch STRICT
set ssl profile ns_default_ssl_profile_frontend -pushEncTriggerTimeout 2
set ssl profile ns_default_ssl_profile_frontend -dropReqWithNoHostHeader YES
################################################ THE SSL VSERVER BLOCK ENDS HERE #######################################################
#################### THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL SERVICE WITH SAME SETTINGS #####################
add ssl profile svc_profile_1 -sslProfileType BackEnd
unbind ssl profile svc_profile_1 -cipherName DEFAULT_BACKEND
set ssl profile svc_profile_1 -denySSLReneg NO
set ssl profile svc_profile_1 -quantumSize 16384
set ssl profile svc_profile_1 -sslTriggerTimeout 150
set ssl profile svc_profile_1 -sendCloseNotify NO
set ssl profile svc_profile_1 -encryptTriggerPktCount 35
set ssl profile svc_profile_1 -insertionEncoding UTF-8
set ssl profile svc_profile_1 -pushFlag 1
set ssl profile svc_profile_1 -SNIHTTPHostMatch STRICT
set ssl profile svc_profile_1 -pushEncTriggerTimeout 2
set ssl profile svc_profile_1 -tls12 DISABLED
set ssl profile svc_profile_1 -sendCloseNotify NO
set ssl profile svc_profile_1 -sessReuse DISABLED
bind ssl profile svc_profile_1 -cipherName DEFAULT_BACKEND
bind ssl profile svc_profile_1 -cipherName cg1
bind ssl profile svc_profile_1 -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl profile svc_profile_1 -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
set ssl service svc9 -sslprofile svc_profile_1
set ssl service svc8 -sslprofile svc_profile_1
set ssl service svc7 -sslprofile svc_profile_1
add ssl profile svc_profile_2 -sslProfileType BackEnd
unbind ssl profile svc_profile_2 -cipherName DEFAULT_BACKEND
set ssl profile svc_profile_2 -denySSLReneg NO
set ssl profile svc_profile_2 -quantumSize 16384
set ssl profile svc_profile_2 -sslTriggerTimeout 150
set ssl profile svc_profile_2 -sendCloseNotify NO
set ssl profile svc_profile_2 -encryptTriggerPktCount 35
set ssl profile svc_profile_2 -insertionEncoding UTF-8
set ssl profile svc_profile_2 -pushFlag 1
set ssl profile svc_profile_2 -SNIHTTPHostMatch STRICT
set ssl profile svc_profile_2 -pushEncTriggerTimeout 2
set ssl profile svc_profile_2 -serverAuth ENABLED -commonName abc.com
set ssl profile svc_profile_2 -SNIEnable ENABLED
set ssl profile svc_profile_2 -ssl3 DISABLED
set ssl profile svc_profile_2 -tls1 DISABLED
set ssl profile svc_profile_2 -tls11 DISABLED
set ssl profile svc_profile_2 -sendCloseNotify NO
set ssl profile svc_profile_2 -sessReuse ENABLED
set ssl profile svc_profile_2 -strictSigDigestCheck ENABLED
bind ssl profile svc_profile_2 -cipherName DEFAULT_BACKEND
bind ssl profile svc_profile_2 -cipherName cg1
bind ssl profile svc_profile_2 -cipherName cg2
set ssl service svc6 -sslprofile svc_profile_2
set ssl service svc5 -sslprofile svc_profile_2
set ssl service svc4 -sslprofile svc_profile_2
set ssl profile ns_default_ssl_profile_backend -denySSLReneg NO
set ssl profile ns_default_ssl_profile_backend -quantumSize 16384
set ssl profile ns_default_ssl_profile_backend -sslTriggerTimeout 150
set ssl profile ns_default_ssl_profile_backend -sendCloseNotify NO
set ssl profile ns_default_ssl_profile_backend -encryptTriggerPktCount 35
set ssl profile ns_default_ssl_profile_backend -insertionEncoding UTF-8
set ssl profile ns_default_ssl_profile_backend -pushFlag 1
set ssl profile ns_default_ssl_profile_backend -SNIHTTPHostMatch STRICT
set ssl profile ns_default_ssl_profile_backend -pushEncTriggerTimeout 2
################################################ THE SSL SERVICE BLOCK ENDS HERE #######################################################
#################### THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL SERVICEGROUP WITH SAME SETTINGS #####################
add ssl profile sg_profile_1 -sslProfileType BackEnd
set ssl profile sg_profile_1 -denySSLReneg NO
set ssl profile sg_profile_1 -quantumSize 16384
set ssl profile sg_profile_1 -sslTriggerTimeout 150
set ssl profile sg_profile_1 -sendCloseNotify NO
set ssl profile sg_profile_1 -encryptTriggerPktCount 35
set ssl profile sg_profile_1 -insertionEncoding UTF-8
set ssl profile sg_profile_1 -pushFlag 1
set ssl profile sg_profile_1 -SNIHTTPHostMatch STRICT
set ssl profile sg_profile_1 -pushEncTriggerTimeout 2
set ssl serviceGroup sg1 -sslprofile sg_profile_1
set ssl serviceGroup sg3 -sslprofile sg_profile_1
set ssl serviceGroup sg2 -sslprofile sg_profile_1
add ssl profile sg_profile_2 -sslProfileType BackEnd
set ssl profile sg_profile_2 -denySSLReneg NO
set ssl profile sg_profile_2 -quantumSize 16384
set ssl profile sg_profile_2 -sslTriggerTimeout 150
set ssl profile sg_profile_2 -sendCloseNotify NO
set ssl profile sg_profile_2 -encryptTriggerPktCount 35
set ssl profile sg_profile_2 -insertionEncoding UTF-8
set ssl profile sg_profile_2 -pushFlag 1
set ssl profile sg_profile_2 -SNIHTTPHostMatch STRICT
set ssl profile sg_profile_2 -pushEncTriggerTimeout 2
set ssl profile sg_profile_2 -serverAuth ENABLED
set ssl profile sg_profile_2 -sendCloseNotify NO
set ssl serviceGroup sg10 -sslprofile sg_profile_2
add ssl profile sg_profile_3 -sslProfileType BackEnd
unbind ssl profile sg_profile_3 -cipherName DEFAULT_BACKEND
set ssl profile sg_profile_3 -denySSLReneg NO
set ssl profile sg_profile_3 -quantumSize 16384
set ssl profile sg_profile_3 -sslTriggerTimeout 150
set ssl profile sg_profile_3 -sendCloseNotify NO
set ssl profile sg_profile_3 -encryptTriggerPktCount 35
set ssl profile sg_profile_3 -insertionEncoding UTF-8
set ssl profile sg_profile_3 -pushFlag 1
set ssl profile sg_profile_3 -SNIHTTPHostMatch STRICT
set ssl profile sg_profile_3 -pushEncTriggerTimeout 2
set ssl profile sg_profile_3 -tls12 DISABLED
set ssl profile sg_profile_3 -sendCloseNotify NO
set ssl profile sg_profile_3 -sessReuse DISABLED
bind ssl profile sg_profile_3 -cipherName DEFAULT_BACKEND
bind ssl profile sg_profile_3 -cipherName cg1
bind ssl profile sg_profile_3 -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl profile sg_profile_3 -cipherName TLS1-ECDHE-RSA-AES128-SHA
set ssl serviceGroup sg9 -sslprofile sg_profile_3
set ssl serviceGroup sg8 -sslprofile sg_profile_3
set ssl serviceGroup sg7 -sslprofile sg_profile_3
add ssl profile sg_profile_4 -sslProfileType BackEnd
unbind ssl profile sg_profile_4 -cipherName DEFAULT_BACKEND
set ssl profile sg_profile_4 -denySSLReneg NO
set ssl profile sg_profile_4 -quantumSize 16384
set ssl profile sg_profile_4 -sslTriggerTimeout 150
set ssl profile sg_profile_4 -sendCloseNotify NO
set ssl profile sg_profile_4 -encryptTriggerPktCount 35
set ssl profile sg_profile_4 -insertionEncoding UTF-8
set ssl profile sg_profile_4 -pushFlag 1
set ssl profile sg_profile_4 -SNIHTTPHostMatch STRICT
set ssl profile sg_profile_4 -pushEncTriggerTimeout 2
set ssl profile sg_profile_4 -serverAuth ENABLED -commonName abc.com
set ssl profile sg_profile_4 -SNIEnable ENABLED
set ssl profile sg_profile_4 -ssl3 DISABLED
set ssl profile sg_profile_4 -tls1 DISABLED
set ssl profile sg_profile_4 -tls11 DISABLED
set ssl profile sg_profile_4 -sendCloseNotify NO
set ssl profile sg_profile_4 -sessReuse ENABLED -sessTimeout 100
set ssl profile sg_profile_4 -strictSigDigestCheck ENABLED
bind ssl profile sg_profile_4 -cipherName DEFAULT_BACKEND
bind ssl profile sg_profile_4 -cipherName cg1
bind ssl profile sg_profile_4 -cipherName cg2
set ssl serviceGroup sg6 -sslprofile sg_profile_4
set ssl serviceGroup sg5 -sslprofile sg_profile_4
set ssl serviceGroup sg4 -sslprofile sg_profile_4
################################################ THE SSL SERVICEGROUP BLOCK ENDS HERE #######################################################
#################### THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL INTERNAL SERVICE WITH SAME SETTINGS #####################
add ssl profile internalsvc_profile_1
set ssl profile internalsvc_profile_1 -denySSLReneg NO
set ssl profile internalsvc_profile_1 -quantumSize 16384
set ssl profile internalsvc_profile_1 -sslTriggerTimeout 150
set ssl profile internalsvc_profile_1 -sendCloseNotify NO
set ssl profile internalsvc_profile_1 -encryptTriggerPktCount 35
set ssl profile internalsvc_profile_1 -insertionEncoding UTF-8
set ssl profile internalsvc_profile_1 -pushFlag 1
set ssl profile internalsvc_profile_1 -SNIHTTPHostMatch STRICT
set ssl profile internalsvc_profile_1 -pushEncTriggerTimeout 2
set ssl profile internalsvc_profile_1 -eRSA ENABLED
set ssl profile internalsvc_profile_1 -sessReuse DISABLED
set ssl profile internalsvc_profile_1 -ssl3 DISABLED
set ssl profile internalsvc_profile_1 -tls1 DISABLED
set ssl profile internalsvc_profile_1 -tls11 DISABLED
set ssl service nsrnatsip-127.0.0.1-5061 -sslprofile internalsvc_profile_1
set ssl service nskrpcs-127.0.0.1-3009 -sslprofile internalsvc_profile_1
set ssl service nsrpcs-::1l-3008 -sslprofile internalsvc_profile_1
add ssl profile internalsvc_profile_2
unbind ssl profile internalsvc_profile_2 -cipherName DEFAULT
set ssl profile internalsvc_profile_2 -denySSLReneg NO
set ssl profile internalsvc_profile_2 -quantumSize 16384
set ssl profile internalsvc_profile_2 -sslTriggerTimeout 150
set ssl profile internalsvc_profile_2 -sendCloseNotify NO
set ssl profile internalsvc_profile_2 -encryptTriggerPktCount 35
set ssl profile internalsvc_profile_2 -insertionEncoding UTF-8
set ssl profile internalsvc_profile_2 -pushFlag 1
set ssl profile internalsvc_profile_2 -SNIHTTPHostMatch STRICT
set ssl profile internalsvc_profile_2 -pushEncTriggerTimeout 2
set ssl profile internalsvc_profile_2 -eRSA ENABLED
set ssl profile internalsvc_profile_2 -sessReuse DISABLED
set ssl profile internalsvc_profile_2 -ssl3 DISABLED
set ssl profile internalsvc_profile_2 -tls1 DISABLED
set ssl profile internalsvc_profile_2 -tls11 DISABLED
set ssl profile internalsvc_profile_2 -sendCloseNotify NO
set ssl profile internalsvc_profile_2 -strictSigDigestCheck ENABLED
bind ssl profile internalsvc_profile_2 -cipherName DEFAULT
bind ssl profile internalsvc_profile_2 -cipherName cg1
bind ssl profile internalsvc_profile_2 -cipherName TLS1-ECDHE-RSA-AES256-SHA
set ssl service nshttps-127.0.0.1-443 -sslprofile internalsvc_profile_2
set ssl service nsrpcs-127.0.0.1-3008 -sslprofile internalsvc_profile_2
add ssl profile internalsvc_profile_3
unbind ssl profile internalsvc_profile_3 -cipherName DEFAULT
set ssl profile internalsvc_profile_3 -denySSLReneg NO
set ssl profile internalsvc_profile_3 -quantumSize 16384
set ssl profile internalsvc_profile_3 -sslTriggerTimeout 150
set ssl profile internalsvc_profile_3 -sendCloseNotify NO
set ssl profile internalsvc_profile_3 -encryptTriggerPktCount 35
set ssl profile internalsvc_profile_3 -insertionEncoding UTF-8
set ssl profile internalsvc_profile_3 -pushFlag 1
set ssl profile internalsvc_profile_3 -SNIHTTPHostMatch STRICT
set ssl profile internalsvc_profile_3 -pushEncTriggerTimeout 2
bind ssl profile internalsvc_profile_3 -cipherName cg1
bind ssl profile internalsvc_profile_3 -cipherName cg2
set ssl service nshttps-::1l-443 -sslprofile internalsvc_profile_3
################################################ THE SSL INTERNAL SERVICE BLOCK ENDS HERE #####################################################
##################### THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL SERVICE TRANSPARENT WITH SAME SETTINGS #####################
add ssl profile svc_transparent_profile_1
set ssl profile svc_transparent_profile_1 -denySSLReneg NO
set ssl profile svc_transparent_profile_1 -quantumSize 16384
set ssl profile svc_transparent_profile_1 -sslTriggerTimeout 150
set ssl profile svc_transparent_profile_1 -sendCloseNotify NO
set ssl profile svc_transparent_profile_1 -encryptTriggerPktCount 35
set ssl profile svc_transparent_profile_1 -insertionEncoding UTF-8
set ssl profile svc_transparent_profile_1 -pushFlag 1
set ssl profile svc_transparent_profile_1 -SNIHTTPHostMatch STRICT
set ssl profile svc_transparent_profile_1 -pushEncTriggerTimeout 2
set ssl profile svc_transparent_profile_1 -dropReqWithNoHostHeader YES
set ssl profile svc_transparent_profile_1 -eRSA ENABLED
set ssl profile svc_transparent_profile_1 -sessReuse ENABLED -sessTimeout 120
set ssl profile svc_transparent_profile_1 -sendCloseNotify NO
set ssl service trans_svc10 -sslprofile svc_transparent_profile_1
set ssl vserver trans_svc3 -sslprofile svc_transparent_profile_1
set ssl vserver trans_svc2 -sslprofile svc_transparent_profile_1
add ssl profile svc_transparent_profile_2
unbind ssl profile svc_transparent_profile_2 -eccCurveName ALL
set ssl profile svc_transparent_profile_2 -denySSLReneg NO
set ssl profile svc_transparent_profile_2 -quantumSize 16384
set ssl profile svc_transparent_profile_2 -sslTriggerTimeout 150
set ssl profile svc_transparent_profile_2 -sendCloseNotify NO
set ssl profile svc_transparent_profile_2 -encryptTriggerPktCount 35
set ssl profile svc_transparent_profile_2 -insertionEncoding UTF-8
set ssl profile svc_transparent_profile_2 -pushFlag 1
set ssl profile svc_transparent_profile_2 -SNIHTTPHostMatch STRICT
set ssl profile svc_transparent_profile_2 -pushEncTriggerTimeout 2
set ssl profile svc_transparent_profile_2 -dropReqWithNoHostHeader YES
set ssl profile svc_transparent_profile_2 -eRSA ENABLED
set ssl profile svc_transparent_profile_2 -sessReuse ENABLED -sessTimeout 120
set ssl profile svc_transparent_profile_2 -sendCloseNotify NO
set ssl service trans_svc9 -sslprofile svc_transparent_profile_2
add ssl profile svc_transparent_profile_3
unbind ssl profile svc_transparent_profile_3 -cipherName DEFAULT
unbind ssl profile svc_transparent_profile_3 -eccCurveName ALL
set ssl profile svc_transparent_profile_3 -denySSLReneg NO
set ssl profile svc_transparent_profile_3 -quantumSize 16384
set ssl profile svc_transparent_profile_3 -sslTriggerTimeout 150
set ssl profile svc_transparent_profile_3 -sendCloseNotify NO
set ssl profile svc_transparent_profile_3 -encryptTriggerPktCount 35
set ssl profile svc_transparent_profile_3 -insertionEncoding UTF-8
set ssl profile svc_transparent_profile_3 -pushFlag 1
set ssl profile svc_transparent_profile_3 -SNIHTTPHostMatch STRICT
set ssl profile svc_transparent_profile_3 -pushEncTriggerTimeout 2
set ssl profile svc_transparent_profile_3 -dropReqWithNoHostHeader YES
set ssl profile svc_transparent_profile_3 -eRSA ENABLED
set ssl profile svc_transparent_profile_3 -sessReuse ENABLED -sessTimeout 120
set ssl profile svc_transparent_profile_3 -sendCloseNotify NO
bind ssl profile svc_transparent_profile_3 -cipherName cg1
bind ssl profile svc_transparent_profile_3 -eccCurveName P_256
bind ssl profile svc_transparent_profile_3 -eccCurveName P_384
bind ssl profile svc_transparent_profile_3 -eccCurveName P_521
set ssl service trans_svc8 -sslprofile svc_transparent_profile_3
add ssl profile svc_transparent_profile_4
unbind ssl profile svc_transparent_profile_4 -cipherName DEFAULT
set ssl profile svc_transparent_profile_4 -denySSLReneg NO
set ssl profile svc_transparent_profile_4 -quantumSize 16384
set ssl profile svc_transparent_profile_4 -sslTriggerTimeout 150
set ssl profile svc_transparent_profile_4 -sendCloseNotify NO
set ssl profile svc_transparent_profile_4 -encryptTriggerPktCount 35
set ssl profile svc_transparent_profile_4 -insertionEncoding UTF-8
set ssl profile svc_transparent_profile_4 -pushFlag 1
set ssl profile svc_transparent_profile_4 -SNIHTTPHostMatch STRICT
set ssl profile svc_transparent_profile_4 -pushEncTriggerTimeout 2
set ssl profile svc_transparent_profile_4 -dropReqWithNoHostHeader YES
set ssl profile svc_transparent_profile_4 -eRSA ENABLED
set ssl profile svc_transparent_profile_4 -sessReuse ENABLED -sessTimeout 120
set ssl profile svc_transparent_profile_4 -sendCloseNotify NO
bind ssl profile svc_transparent_profile_4 -cipherName DEFAULT
bind ssl profile svc_transparent_profile_4 -cipherName cg1
bind ssl profile svc_transparent_profile_4 -cipherName cg2
set ssl service trans_svc7 -sslprofile svc_transparent_profile_4
add ssl profile svc_transparent_profile_5
set ssl profile svc_transparent_profile_5 -denySSLReneg NO
set ssl profile svc_transparent_profile_5 -quantumSize 16384
set ssl profile svc_transparent_profile_5 -sslTriggerTimeout 150
set ssl profile svc_transparent_profile_5 -sendCloseNotify NO
set ssl profile svc_transparent_profile_5 -encryptTriggerPktCount 35
set ssl profile svc_transparent_profile_5 -insertionEncoding UTF-8
set ssl profile svc_transparent_profile_5 -pushFlag 1
set ssl profile svc_transparent_profile_5 -SNIHTTPHostMatch STRICT
set ssl profile svc_transparent_profile_5 -pushEncTriggerTimeout 2
set ssl profile svc_transparent_profile_5 -dropReqWithNoHostHeader YES
set ssl profile svc_transparent_profile_5 -clientAuth ENABLED -clientCert Optional
set ssl profile svc_transparent_profile_5 -SNIEnable ENABLED
set ssl profile svc_transparent_profile_5 -ocspStapling ENABLED
set ssl profile svc_transparent_profile_5 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -dhCount 1000
set ssl profile svc_transparent_profile_5 -eRSA ENABLED -eRSACount 1000
set ssl profile svc_transparent_profile_5 -sessReuse ENABLED -sessTimeout 200
set ssl profile svc_transparent_profile_5 -cipherRedirect ENABLED
set ssl profile svc_transparent_profile_5 -sslRedirect ENABLED
set ssl profile svc_transparent_profile_5 -ssl3 DISABLED
set ssl profile svc_transparent_profile_5 -tls1 DISABLED
set ssl profile svc_transparent_profile_5 -tls11 DISABLED
set ssl profile svc_transparent_profile_5 -tls13 ENABLED
set ssl profile svc_transparent_profile_5 -pushEncTrigger Ignore
set ssl profile svc_transparent_profile_5 -sendCloseNotify NO
set ssl profile svc_transparent_profile_5 -strictSigDigestCheck ENABLED
set ssl service trans_svc6 -sslprofile svc_transparent_profile_5
set ssl vserver trans_svc5 -sslprofile svc_transparent_profile_5
set ssl vserver trans_svc4 -sslprofile svc_transparent_profile_5
################################################ THE SSL SERVICE TRANSPARENT BLOCK ENDS HERE #######################################################
################ THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL SERVICE GLOBAL TRANSPARENT WITH SAME SETTINGS ##############
add ssl profile vs_global_transparent_profile_1
unbind ssl profile vs_global_transparent_profile_1 -cipherName DEFAULT
set ssl profile vs_global_transparent_profile_1 -denySSLReneg NO
set ssl profile vs_global_transparent_profile_1 -quantumSize 16384
set ssl profile vs_global_transparent_profile_1 -sslTriggerTimeout 150
set ssl profile vs_global_transparent_profile_1 -sendCloseNotify NO
set ssl profile vs_global_transparent_profile_1 -encryptTriggerPktCount 35
set ssl profile vs_global_transparent_profile_1 -insertionEncoding UTF-8
set ssl profile vs_global_transparent_profile_1 -pushFlag 1
set ssl profile vs_global_transparent_profile_1 -SNIHTTPHostMatch STRICT
set ssl profile vs_global_transparent_profile_1 -pushEncTriggerTimeout 2
set ssl profile vs_global_transparent_profile_1 -dropReqWithNoHostHeader YES
set ssl profile vs_global_transparent_profile_1 -clientAuth ENABLED -clientCert Optional
set ssl profile vs_global_transparent_profile_1 -SNIEnable ENABLED
set ssl profile vs_global_transparent_profile_1 -ocspStapling ENABLED
set ssl profile vs_global_transparent_profile_1 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -dhCount 1000
set ssl profile vs_global_transparent_profile_1 -eRSA ENABLED -eRSACount 1000
set ssl profile vs_global_transparent_profile_1 -sessReuse ENABLED -sessTimeout 200
set ssl profile vs_global_transparent_profile_1 -cipherRedirect ENABLED
set ssl profile vs_global_transparent_profile_1 -clearTextPort 80
set ssl profile vs_global_transparent_profile_1 -sslRedirect ENABLED
set ssl profile vs_global_transparent_profile_1 -HSTS ENABLED -maxage 200000 -IncludeSubdomains YES -preload YES
set ssl profile vs_global_transparent_profile_1 -ssl3 DISABLED
set ssl profile vs_global_transparent_profile_1 -tls1 DISABLED
set ssl profile vs_global_transparent_profile_1 -tls11 DISABLED
set ssl profile vs_global_transparent_profile_1 -tls13 ENABLED
set ssl profile vs_global_transparent_profile_1 -pushEncTrigger Ignore
set ssl profile vs_global_transparent_profile_1 -sendCloseNotify NO
set ssl profile vs_global_transparent_profile_1 -strictSigDigestCheck ENABLED
set ssl profile vs_global_transparent_profile_1 -zeroRttEarlyData ENABLED
set ssl profile vs_global_transparent_profile_1 -dheKeyExchangeWithPsk YES
set ssl profile vs_global_transparent_profile_1 -tls13SessionTicketsPerAuthContext 10
bind ssl profile vs_global_transparent_profile_1 -cipherName DEFAULT
bind ssl profile vs_global_transparent_profile_1 -cipherName cg1
bind ssl profile vs_global_transparent_profile_1 -cipherName cg2
set ssl vserver v_gt1 -sslprofile vs_global_transparent_profile_1
add ssl profile vs_global_transparent_profile_2
set ssl profile vs_global_transparent_profile_2 -denySSLReneg NO
set ssl profile vs_global_transparent_profile_2 -quantumSize 16384
set ssl profile vs_global_transparent_profile_2 -sslTriggerTimeout 150
set ssl profile vs_global_transparent_profile_2 -sendCloseNotify NO
set ssl profile vs_global_transparent_profile_2 -encryptTriggerPktCount 35
set ssl profile vs_global_transparent_profile_2 -insertionEncoding UTF-8
set ssl profile vs_global_transparent_profile_2 -pushFlag 1
set ssl profile vs_global_transparent_profile_2 -SNIHTTPHostMatch STRICT
set ssl profile vs_global_transparent_profile_2 -pushEncTriggerTimeout 2
set ssl profile vs_global_transparent_profile_2 -dropReqWithNoHostHeader YES
set ssl profile vs_global_transparent_profile_2 -sendCloseNotify NO
set ssl vserver v-gt2 -sslprofile vs_global_transparent_profile_2
set ssl profile ns_default_ssl_profile_frontend -denySSLReneg NO
set ssl profile ns_default_ssl_profile_frontend -quantumSize 16384
set ssl profile ns_default_ssl_profile_frontend -sslTriggerTimeout 150
set ssl profile ns_default_ssl_profile_frontend -sendCloseNotify NO
set ssl profile ns_default_ssl_profile_frontend -encryptTriggerPktCount 35
set ssl profile ns_default_ssl_profile_frontend -insertionEncoding UTF-8
set ssl profile ns_default_ssl_profile_frontend -pushFlag 1
set ssl profile ns_default_ssl_profile_frontend -SNIHTTPHostMatch STRICT
set ssl profile ns_default_ssl_profile_frontend -pushEncTriggerTimeout 2
set ssl profile ns_default_ssl_profile_frontend -dropReqWithNoHostHeader YES
################################################ SSL GLOBAL TRANSPARENT BLOCK ENDS HERE #######################################################
################ THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL VSERVER HAVING LEGACY SSL PROFILE WITH SAME SETTINGS ################
add ssl profile ssl_profile_vserver_v11
unbind ssl profile ssl_profile_vserver_v11 -cipherName DEFAULT
unbind ssl profile ssl_profile_vserver_v11 -eccCurveName ALL
set ssl profile ssl_profile_vserver_v11 -denySSLReneg NO
set ssl profile ssl_profile_vserver_v11 -quantumSize 16384
set ssl profile ssl_profile_vserver_v11 -sslTriggerTimeout 150
set ssl profile ssl_profile_vserver_v11 -sendCloseNotify NO
set ssl profile ssl_profile_vserver_v11 -encryptTriggerPktCount 35
set ssl profile ssl_profile_vserver_v11 -insertionEncoding UTF-8
set ssl profile ssl_profile_vserver_v11 -pushFlag 1
set ssl profile ssl_profile_vserver_v11 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_vserver_v11 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_vserver_v11 -dropReqWithNoHostHeader YES
set ssl profile ssl_profile_vserver_v11 -dhCount 1000 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -eRSA ENABLED -eRSACount 1000 -sessReuse ENABLED -sessTimeout 200 -cipherRedirect ENABLED -cipherURL "http://abc.com" -clientAuth ENABLED -clientCert Optional -sslRedirect ENABLED -tls1 DISABLED -tls11 DISABLED -tls13 ENABLED -SNIEnable ENABLED -ocspStapling ENABLED -pushEncTrigger Ignore -sendCloseNotify NO -HSTS ENABLED -maxage 200000 -IncludeSubdomains YES -preload YES -zeroRttEarlyData ENABLED -tls13SessionTicketsPerAuthContext 10 -dheKeyExchangeWithPsk YES
bind ssl profile ssl_profile_vserver_v11 -cipherName cg1
bind ssl profile ssl_profile_vserver_v11 -cipherName cg2
bind ssl profile ssl_profile_vserver_v11 -eccCurveName P_256
bind ssl profile ssl_profile_vserver_v11 -eccCurveName P_384
bind ssl profile ssl_profile_vserver_v11 -eccCurveName P_224
set ssl vserver v11 -sslprofile ssl_profile_vserver_v11
add ssl profile ssl_profile_vserver_v12
unbind ssl profile ssl_profile_vserver_v12 -cipherName DEFAULT
set ssl profile ssl_profile_vserver_v12 -denySSLReneg NO
set ssl profile ssl_profile_vserver_v12 -quantumSize 16384
set ssl profile ssl_profile_vserver_v12 -sslTriggerTimeout 150
set ssl profile ssl_profile_vserver_v12 -sendCloseNotify NO
set ssl profile ssl_profile_vserver_v12 -encryptTriggerPktCount 35
set ssl profile ssl_profile_vserver_v12 -insertionEncoding UTF-8
set ssl profile ssl_profile_vserver_v12 -pushFlag 1
set ssl profile ssl_profile_vserver_v12 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_vserver_v12 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_vserver_v12 -dropReqWithNoHostHeader YES
set ssl profile ssl_profile_vserver_v12 -dhCount 1000 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -eRSA ENABLED -eRSACount 1000 -sessReuse ENABLED -sessTimeout 200 -cipherRedirect ENABLED -cipherURL "http://abc.com" -clientAuth ENABLED -clientCert Optional -sslRedirect ENABLED -tls1 DISABLED -tls11 DISABLED -tls13 ENABLED -SNIEnable ENABLED -ocspStapling ENABLED -pushEncTrigger Ignore -sendCloseNotify NO -HSTS ENABLED -maxage 200000 -IncludeSubdomains YES -preload YES -zeroRttEarlyData ENABLED -tls13SessionTicketsPerAuthContext 10 -dheKeyExchangeWithPsk YES
bind ssl profile ssl_profile_vserver_v12 -cipherName DEFAULT
bind ssl profile ssl_profile_vserver_v12 -cipherName cg1
set ssl vserver v12 -sslprofile ssl_profile_vserver_v12
add ssl profile ssl_profile_vserver_v13
set ssl profile ssl_profile_vserver_v13 -denySSLReneg NO
set ssl profile ssl_profile_vserver_v13 -quantumSize 16384
set ssl profile ssl_profile_vserver_v13 -sslTriggerTimeout 150
set ssl profile ssl_profile_vserver_v13 -sendCloseNotify NO
set ssl profile ssl_profile_vserver_v13 -encryptTriggerPktCount 35
set ssl profile ssl_profile_vserver_v13 -insertionEncoding UTF-8
set ssl profile ssl_profile_vserver_v13 -pushFlag 1
set ssl profile ssl_profile_vserver_v13 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_vserver_v13 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_vserver_v13 -dropReqWithNoHostHeader YES
set ssl profile ssl_profile_vserver_v13 -sessReuse ENABLED -sessTimeout 120
set ssl vserver v13 -sslprofile ssl_profile_vserver_v13
set ssl vserver v14 -sslprofile ssl_profile_vserver_v13
add ssl profile ssl_profile_vserver_v-gt3
unbind ssl profile ssl_profile_vserver_v-gt3 -cipherName DEFAULT
unbind ssl profile ssl_profile_vserver_v-gt3 -eccCurveName ALL
set ssl profile ssl_profile_vserver_v-gt3 -denySSLReneg NO
set ssl profile ssl_profile_vserver_v-gt3 -quantumSize 16384
set ssl profile ssl_profile_vserver_v-gt3 -sslTriggerTimeout 150
set ssl profile ssl_profile_vserver_v-gt3 -sendCloseNotify NO
set ssl profile ssl_profile_vserver_v-gt3 -encryptTriggerPktCount 35
set ssl profile ssl_profile_vserver_v-gt3 -insertionEncoding UTF-8
set ssl profile ssl_profile_vserver_v-gt3 -pushFlag 1
set ssl profile ssl_profile_vserver_v-gt3 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_vserver_v-gt3 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_vserver_v-gt3 -dropReqWithNoHostHeader YES
set ssl profile ssl_profile_vserver_v-gt3 -dhCount 1000 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -eRSA ENABLED -eRSACount 1000 -sessReuse ENABLED -sessTimeout 200 -cipherRedirect ENABLED -clientAuth ENABLED -clientCert Optional -sslRedirect ENABLED -tls1 DISABLED -tls11 DISABLED -tls13 ENABLED -SNIEnable ENABLED -ocspStapling ENABLED -pushEncTrigger Ignore -sendCloseNotify NO -HSTS ENABLED -maxage 200000 -IncludeSubdomains YES -preload YES -zeroRttEarlyData ENABLED -tls13SessionTicketsPerAuthContext 10 -dheKeyExchangeWithPsk YES
bind ssl profile ssl_profile_vserver_v-gt3 -cipherName cg1
bind ssl profile ssl_profile_vserver_v-gt3 -eccCurveName P_224
set ssl vserver v-gt3 -sslprofile ssl_profile_vserver_v-gt3
################################################ THE SSL VSERVER WITH LEGACY PROFILE BLOCK ENDS HERE #######################################################
############### THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL SERVICE HAVING LEGACY SSL PROFILE WITH SAME SETTINGS ##############
add ssl profile ssl_profile_service_svc14 -sslProfileType BackEnd
set ssl profile ssl_profile_service_svc14 -denySSLReneg NO
set ssl profile ssl_profile_service_svc14 -quantumSize 16384
set ssl profile ssl_profile_service_svc14 -sslTriggerTimeout 150
set ssl profile ssl_profile_service_svc14 -sendCloseNotify NO
set ssl profile ssl_profile_service_svc14 -encryptTriggerPktCount 35
set ssl profile ssl_profile_service_svc14 -insertionEncoding UTF-8
set ssl profile ssl_profile_service_svc14 -pushFlag 1
set ssl profile ssl_profile_service_svc14 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_service_svc14 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_service_svc14 -eRSA DISABLED -sessReuse ENABLED -sessTimeout 300
set ssl service svc14 -sslprofile ssl_profile_service_svc14
set ssl service svc13 -sslprofile ssl_profile_service_svc14
add ssl profile ssl_profile_service_svc12 -sslProfileType BackEnd
unbind ssl profile ssl_profile_service_svc12 -cipherName DEFAULT_BACKEND
set ssl profile ssl_profile_service_svc12 -denySSLReneg NO
set ssl profile ssl_profile_service_svc12 -quantumSize 16384
set ssl profile ssl_profile_service_svc12 -sslTriggerTimeout 150
set ssl profile ssl_profile_service_svc12 -sendCloseNotify NO
set ssl profile ssl_profile_service_svc12 -encryptTriggerPktCount 35
set ssl profile ssl_profile_service_svc12 -insertionEncoding UTF-8
set ssl profile ssl_profile_service_svc12 -pushFlag 1
set ssl profile ssl_profile_service_svc12 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_service_svc12 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_service_svc12 -eRSA DISABLED -sessReuse ENABLED -sessTimeout 100 -tls1 DISABLED -tls11 DISABLED -SNIEnable ENABLED -serverAuth ENABLED -commonName abc.com -sendCloseNotify NO
bind ssl profile ssl_profile_service_svc12 -cipherName DEFAULT_BACKEND
bind ssl profile ssl_profile_service_svc12 -cipherName cg1
bind ssl profile ssl_profile_service_svc12 -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl profile ssl_profile_service_svc12 -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
set ssl service svc12 -sslprofile ssl_profile_service_svc12
add ssl profile ssl_profile_service_svc11 -sslProfileType BackEnd
unbind ssl profile ssl_profile_service_svc11 -cipherName DEFAULT_BACKEND
set ssl profile ssl_profile_service_svc11 -denySSLReneg NO
set ssl profile ssl_profile_service_svc11 -quantumSize 16384
set ssl profile ssl_profile_service_svc11 -sslTriggerTimeout 150
set ssl profile ssl_profile_service_svc11 -sendCloseNotify NO
set ssl profile ssl_profile_service_svc11 -encryptTriggerPktCount 35
set ssl profile ssl_profile_service_svc11 -insertionEncoding UTF-8
set ssl profile ssl_profile_service_svc11 -pushFlag 1
set ssl profile ssl_profile_service_svc11 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_service_svc11 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_service_svc11 -eRSA DISABLED -sessReuse ENABLED -sessTimeout 100 -tls1 DISABLED -tls11 DISABLED -SNIEnable ENABLED -serverAuth ENABLED -commonName abc.com -sendCloseNotify NO
bind ssl profile ssl_profile_service_svc11 -cipherName cg1
bind ssl profile ssl_profile_service_svc11 -cipherName cg2
set ssl service svc11 -sslprofile ssl_profile_service_svc11
################################################ THE SSL SERVICE WITH LEGACY PROFILE BLOCK ENDS HERE #######################################################
################ THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL SERVICEGROUP HAVING LEGACY SSL PROFILE WITH SAME SETTINGS ###############
add ssl profile ssl_profile_serviceGroup_sg14 -sslProfileType BackEnd
set ssl profile ssl_profile_serviceGroup_sg14 -denySSLReneg NO
set ssl profile ssl_profile_serviceGroup_sg14 -quantumSize 16384
set ssl profile ssl_profile_serviceGroup_sg14 -sslTriggerTimeout 150
set ssl profile ssl_profile_serviceGroup_sg14 -sendCloseNotify NO
set ssl profile ssl_profile_serviceGroup_sg14 -encryptTriggerPktCount 35
set ssl profile ssl_profile_serviceGroup_sg14 -insertionEncoding UTF-8
set ssl profile ssl_profile_serviceGroup_sg14 -pushFlag 1
set ssl profile ssl_profile_serviceGroup_sg14 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_serviceGroup_sg14 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_serviceGroup_sg14 -eRSA DISABLED -sessReuse ENABLED -sessTimeout 300 -strictCAChecks YES
set ssl serviceGroup sg14 -sslprofile ssl_profile_serviceGroup_sg14
set ssl serviceGroup sg13 -sslprofile ssl_profile_serviceGroup_sg14
add ssl profile ssl_profile_serviceGroup_sg12 -sslProfileType BackEnd
unbind ssl profile ssl_profile_serviceGroup_sg12 -cipherName DEFAULT_BACKEND
set ssl profile ssl_profile_serviceGroup_sg12 -denySSLReneg NO
set ssl profile ssl_profile_serviceGroup_sg12 -quantumSize 16384
set ssl profile ssl_profile_serviceGroup_sg12 -sslTriggerTimeout 150
set ssl profile ssl_profile_serviceGroup_sg12 -sendCloseNotify NO
set ssl profile ssl_profile_serviceGroup_sg12 -encryptTriggerPktCount 35
set ssl profile ssl_profile_serviceGroup_sg12 -insertionEncoding UTF-8
set ssl profile ssl_profile_serviceGroup_sg12 -pushFlag 1
set ssl profile ssl_profile_serviceGroup_sg12 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_serviceGroup_sg12 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_serviceGroup_sg12 -eRSA DISABLED -sessReuse ENABLED -sessTimeout 100 -tls1 DISABLED -tls11 DISABLED -SNIEnable ENABLED -serverAuth ENABLED -commonName abc.com -sendCloseNotify NO
bind ssl profile ssl_profile_serviceGroup_sg12 -cipherName DEFAULT_BACKEND
bind ssl profile ssl_profile_serviceGroup_sg12 -cipherName cg1
bind ssl profile ssl_profile_serviceGroup_sg12 -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl profile ssl_profile_serviceGroup_sg12 -cipherName TLS1-ECDHE-RSA-AES128-SHA
set ssl serviceGroup sg12 -sslprofile ssl_profile_serviceGroup_sg12
add ssl profile ssl_profile_serviceGroup_sg11 -sslProfileType BackEnd
unbind ssl profile ssl_profile_serviceGroup_sg11 -cipherName DEFAULT_BACKEND
set ssl profile ssl_profile_serviceGroup_sg11 -denySSLReneg NO
set ssl profile ssl_profile_serviceGroup_sg11 -quantumSize 16384
set ssl profile ssl_profile_serviceGroup_sg11 -sslTriggerTimeout 150
set ssl profile ssl_profile_serviceGroup_sg11 -sendCloseNotify NO
set ssl profile ssl_profile_serviceGroup_sg11 -encryptTriggerPktCount 35
set ssl profile ssl_profile_serviceGroup_sg11 -insertionEncoding UTF-8
set ssl profile ssl_profile_serviceGroup_sg11 -pushFlag 1
set ssl profile ssl_profile_serviceGroup_sg11 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_serviceGroup_sg11 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_serviceGroup_sg11 -eRSA DISABLED -sessReuse ENABLED -sessTimeout 100 -tls1 DISABLED -tls11 DISABLED -SNIEnable ENABLED -serverAuth ENABLED -commonName abc.com -sendCloseNotify NO
bind ssl profile ssl_profile_serviceGroup_sg11 -cipherName DEFAULT_BACKEND
bind ssl profile ssl_profile_serviceGroup_sg11 -cipherName cg1
bind ssl profile ssl_profile_serviceGroup_sg11 -cipherName cg2
set ssl serviceGroup sg11 -sslprofile ssl_profile_serviceGroup_sg11
###################################### THE SSL SERVICEGROUP WITH LEGACY PROFILE BLOCK ENDS HERE #############################################
#################### THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL INTERNAL SERVICE HAVING LEGACY SSL PROFILE WITH SAME SETTINGS ###################
add ssl profile ssl_profile_intSvc_nshttps-::1l-443
unbind ssl profile ssl_profile_intSvc_nshttps-::1l-443 -cipherName DEFAULT
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -denySSLReneg NO
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -quantumSize 16384
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -sslTriggerTimeout 150
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -sendCloseNotify NO
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -encryptTriggerPktCount 35
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -insertionEncoding UTF-8
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -pushFlag 1
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_intSvc_nshttps-::1l-443 -sessReuse DISABLED -tls1 DISABLED -tls11 DISABLED -sendCloseNotify NO
bind ssl profile ssl_profile_intSvc_nshttps-::1l-443 -cipherName cg1
bind ssl profile ssl_profile_intSvc_nshttps-::1l-443 -cipherName cg2
set ssl service nshttps-::1l-443 -sslprofile ssl_profile_intSvc_nshttps-::1l-443
################################################ THE SSL INTERNAL SERVICE WITH LEGACY PROFILE BLOCK ENDS HERE #######################################################
########## THIS BLOCK IS TO CREATE,MODIFY AND SET SAME SSL PROFILE ON SSL SERVICE TRANSPARENT HAVING LEGACY SSL PROFILE WITH SAME SETTINGS ###########
add ssl profile ssl_profile_service_trans_svc14
unbind ssl profile ssl_profile_service_trans_svc14 -eccCurveName ALL
set ssl profile ssl_profile_transparent_trans_svc14 -denySSLReneg NO
set ssl profile ssl_profile_transparent_trans_svc14 -quantumSize 16384
set ssl profile ssl_profile_transparent_trans_svc14 -sslTriggerTimeout 150
set ssl profile ssl_profile_transparent_trans_svc14 -sendCloseNotify NO
set ssl profile ssl_profile_transparent_trans_svc14 -encryptTriggerPktCount 35
set ssl profile ssl_profile_transparent_trans_svc14 -insertionEncoding UTF-8
set ssl profile ssl_profile_transparent_trans_svc14 -pushFlag 1
set ssl profile ssl_profile_transparent_trans_svc14 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_transparent_trans_svc14 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_transparent_trans_svc14 -sessReuse ENABLED -sessTimeout 120
set ssl service trans_svc14 -sslprofile ssl_profile_transparent_trans_svc14
add ssl profile ssl_profile_service_trans_svc13
set ssl profile ssl_profile_transparent_trans_svc13 -denySSLReneg NO
set ssl profile ssl_profile_transparent_trans_svc13 -quantumSize 16384
set ssl profile ssl_profile_transparent_trans_svc13 -sslTriggerTimeout 150
set ssl profile ssl_profile_transparent_trans_svc13 -sendCloseNotify NO
set ssl profile ssl_profile_transparent_trans_svc13 -encryptTriggerPktCount 35
set ssl profile ssl_profile_transparent_trans_svc13 -insertionEncoding UTF-8
set ssl profile ssl_profile_transparent_trans_svc13 -pushFlag 1
set ssl profile ssl_profile_transparent_trans_svc13 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_transparent_trans_svc13 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_transparent_trans_svc13 -sessReuse ENABLED -sessTimeout 120
set ssl service trans_svc13 -sslprofile ssl_profile_transparent_trans_svc13
add ssl profile ssl_profile_service_trans_svc12
unbind ssl profile ssl_profile_service_trans_svc12 -cipherName DEFAULT
set ssl profile ssl_profile_transparent_trans_svc12 -denySSLReneg NO
set ssl profile ssl_profile_transparent_trans_svc12 -quantumSize 16384
set ssl profile ssl_profile_transparent_trans_svc12 -sslTriggerTimeout 150
set ssl profile ssl_profile_transparent_trans_svc12 -sendCloseNotify NO
set ssl profile ssl_profile_transparent_trans_svc12 -encryptTriggerPktCount 35
set ssl profile ssl_profile_transparent_trans_svc12 -insertionEncoding UTF-8
set ssl profile ssl_profile_transparent_trans_svc12 -pushFlag 1
set ssl profile ssl_profile_transparent_trans_svc12 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_transparent_trans_svc12 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_transparent_trans_svc12 -dhCount 1000 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -eRSA ENABLED -eRSACount 1000 -sessReuse ENABLED -sessTimeout 200 -cipherRedirect ENABLED -clientAuth ENABLED -clientCert Optional -sslRedirect ENABLED -tls1 DISABLED -tls11 DISABLED -tls13 ENABLED -SNIEnable ENABLED -ocspStapling ENABLED -pushEncTrigger Ignore -sendCloseNotify NO
bind ssl profile ssl_profile_transparent_trans_svc12 -cipherName cg1
set ssl service trans_svc12 -sslprofile ssl_profile_transparent_trans_svc12
add ssl profile ssl_profile_service_trans_svc11
unbind ssl profile ssl_profile_service_trans_svc11 -cipherName DEFAULT
set ssl profile ssl_profile_transparent_trans_svc11 -denySSLReneg NO
set ssl profile ssl_profile_transparent_trans_svc11 -quantumSize 16384
set ssl profile ssl_profile_transparent_trans_svc11 -sslTriggerTimeout 150
set ssl profile ssl_profile_transparent_trans_svc11 -sendCloseNotify NO
set ssl profile ssl_profile_transparent_trans_svc11 -encryptTriggerPktCount 35
set ssl profile ssl_profile_transparent_trans_svc11 -insertionEncoding UTF-8
set ssl profile ssl_profile_transparent_trans_svc11 -pushFlag 1
set ssl profile ssl_profile_transparent_trans_svc11 -SNIHTTPHostMatch STRICT
set ssl profile ssl_profile_transparent_trans_svc11 -pushEncTriggerTimeout 2
set ssl profile ssl_profile_transparent_trans_svc11 -dhCount 1000 -dh ENABLED -dhFile "certs/dh/dh2048.pem" -eRSA ENABLED -eRSACount 1000 -sessReuse ENABLED -sessTimeout 200 -cipherRedirect ENABLED -clientAuth ENABLED -clientCert Optional -sslRedirect ENABLED -tls1 DISABLED -tls11 DISABLED -tls13 ENABLED -SNIEnable ENABLED -ocspStapling ENABLED -pushEncTrigger Ignore -sendCloseNotify NO
bind ssl profile ssl_profile_transparent_trans_svc11 -cipherName DEFAULT
bind ssl profile ssl_profile_transparent_trans_svc11 -cipherName cg1
bind ssl profile ssl_profile_transparent_trans_svc11 -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
set ssl service trans_svc11 -sslprofile ssl_profile_transparent_trans_svc11
###################################### THE SSL SERVICE TRANSPARENT WITH LEGACY PROFILE BLOCK ENDS HERE #############################################