interopTlsCertificateValidation
MX-SIPEP-MIB · .0.1400.1.50000.4250 · Object · scalar · r/w · Enumeration
Level of security used to validate the peer TLS certificate.

When the unit is acting as a TLS client, this parameter
specifies which level of security is used to validate a TLS
server certificate.

NOTE: This parameter has no effect on TLS client
authentication when the unit is acting as a TLS server (see
the InteropTlsClientAuthenticationEnable parameter).

* NoValidation: No validation of the peer certificate is
  performed. All TLS connections are accepted without any
  verification. Note that at least one certificate must be
  returned by the peer even if no validation is made. This
  option provides no security and should be restricted to
  lab use only.
* TrustedCertificate: Allow a TLS connection only if the
  peer certificate is trusted. A certificate is considered
  trusted when the certificate authority (CA) that signed
  the peer certificate is present in the certMIB/
  othersCertificatesInfoTable. This option provides a
  minimum level of security and should be restricted to
  lab use only.
* DnsSrvResponse: Allow a TLS connection if the peer
  certificate is trusted and contains a known host name. A
  known host name can be the FQDN or IP address configured
  as the SIP server, or a name returned by a DNS SRV
  request. In the latter case, the match is performed
  against the DNS response name. If the known host name
  matches either the Subject Alternative Name (SAN) or the
  Common Name (CN) in the peer certificate, the connection
  is allowed. This option provides an acceptable level of
  security, but not as good as HostName.
* HostName: Allow a TLS connection if the peer certificate
  is trusted and contains a known host name. A known host
  name can only be the FQDN or IP address configured as the
  SIP server. If it matches either the Subject Alternative
  Name (SAN) or the Common Name (CN) in the peer
  certificate, the connection is allowed. This option
  provides the highest level of security.
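
The four levels can be compared side by side with a small decision model. This is an added example, not code from the MIB or the unit's firmware; the `peer` dictionary, the function names, the host names and the case-insensitive exact-match rule are assumptions made for illustration.

```python
from enum import IntEnum

class Validation(IntEnum):
    # Enumerated values listed for interopTlsCertificateValidation.
    NO_VALIDATION = 100
    TRUSTED_CERTIFICATE = 200
    DNS_SRV_RESPONSE = 300
    HOST_NAME = 400

def _norm(name):
    # Assumption: case-insensitive exact match, trailing dot ignored.
    return name.strip().rstrip(".").lower()

def connection_allowed(level, peer, configured_server, srv_names=()):
    """Model of the TLS-client decision. `peer` is a constructed dict with
    keys: present, issuer_trusted, san (list of names), cn."""
    if not peer["present"]:
        return False  # a certificate must be returned at every level
    if level == Validation.NO_VALIDATION:
        return True
    if not peer["issuer_trusted"]:
        return False  # signing CA is not in othersCertificatesInfoTable
    if level == Validation.TRUSTED_CERTIFICATE:
        return True
    known = {_norm(configured_server)}  # HostName: configured SIP server only
    if level == Validation.DNS_SRV_RESPONSE:
        known |= {_norm(n) for n in srv_names}  # plus names from the SRV answer
    return bool(known & {_norm(n) for n in peer["san"] + [peer["cn"]]})

def matrix(peer, configured_server, srv_names):
    # Decision at every level for one peer certificate.
    return {lvl.name: connection_allowed(lvl, peer, configured_server, srv_names)
            for lvl in Validation}

# Constructed sample data (not from the page).
SERVER = "sip.example.com"
SRV_NAMES = ["edge1.voip.example.net."]
PEERS = {
    "configured name": dict(present=True, issuer_trusted=True, san=["sip.example.com"], cn="sip.example.com"),
    "SRV name only": dict(present=True, issuer_trusted=True, san=["edge1.voip.example.net"], cn="edge1.voip.example.net"),
    "unrelated name": dict(present=True, issuer_trusted=True, san=["mail.example.org"], cn="mail.example.org"),
    "untrusted CA": dict(present=True, issuer_trusted=False, san=["sip.example.com"], cn="sip.example.com"),
}

if __name__ == "__main__":
    for label, peer in PEERS.items():
        print(f"{label:16}", matrix(peer, SERVER, SRV_NAMES))
```

In this model the "SRV name only" certificate is the one case where DnsSrvResponse and HostName give different answers.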

Context
- MIB: MX-SIPEP-MIB
- OID: .0.1400.1.50000.4250
- Type: scalar
- Access: readwrite
- Status: current
- Parent: interopGroup

Syntax
Enumeration

Values & Constraints
Enumerated Values
100 | noValidation
200 | trustedCertificate
300 | dnsSrvResponse
400 | hostName