ssl-send-empty-frags {disable | enable} | Enable to send empty fragments to avoid CBC IV attacks. Compatible with SSL 3.0 and TLS 1.0 only. Default is enable. |
ssl-client-renegotiation {allow | deny | secure} | Control how the ALG responds when a client attempts to renegotiate the SSL session. You can allow renegotiation or block sessions when the client attempts to renegotiate. You can also select secure to reject an SSL connection that does not support RFC 5746 secure renegotiation indication. Default is allow. |
ssl-algorithm {high | low | medium} | Select the relative strength of the algorithms that can be selected. Select high (the default) to allow only AES or 3DES; medium to allow AES, 3DES, or RC4; or low to allow AES, 3DES, RC4, or DES. |
ssl-pfs {allow | deny | require} | Select whether to allow, deny, or require perfect forward secrecy (PFS). Default is allow. |
ssl-min-version {ssl-3.0 | tls-1.0 | tls-1.1} | Select the minimum level of SSL support to allow. The default is ssl-3.0. |
ssl-max-version {ssl-3.0 | tls-1.0 | tls-1.1} | Select the maximum level of SSL support to allow. The default is tls-1.1. |
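
The following is an added example, not vendor code: a small audit that overlays explicit settings on the defaults listed in the table and reports the effective values that leave legacy protocol or cipher choices open. It assumes the options appear as `set <option> <value>` lines; the `WEAK` policy, the function names and the sample configuration are constructed for illustration.

```python
import re

# Defaults exactly as stated in the option table above.
DEFAULTS = {"ssl-send-empty-frags": "enable", "ssl-client-renegotiation": "allow",
            "ssl-algorithm": "high", "ssl-pfs": "allow",
            "ssl-min-version": "ssl-3.0", "ssl-max-version": "tls-1.1"}
VERSIONS = ["ssl-3.0", "tls-1.0", "tls-1.1"]  # oldest to newest

# Values this example treats as weak: a policy assumption, not vendor guidance.
WEAK = {("ssl-client-renegotiation", "allow"): "renegotiation without requiring RFC 5746",
        ("ssl-algorithm", "medium"): "RC4 permitted",
        ("ssl-algorithm", "low"): "RC4 and DES permitted",
        ("ssl-pfs", "deny"): "forward secrecy refused",
        ("ssl-min-version", "ssl-3.0"): "SSL 3.0 accepted"}

def effective_settings(config_text):
    """Overlay explicit 'set <option> <value>' lines on the documented defaults."""
    settings = dict(DEFAULTS)
    for m in re.finditer(r"^\s*set\s+(ssl-[\w-]+)\s+(\S+)\s*$", config_text, re.M):
        if m.group(1) in settings:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(config_text):
    """Return findings for the effective (explicit plus default) settings."""
    s = effective_settings(config_text)
    findings = [f"{k} {v}: {why}" for (k, v), why in WEAK.items() if s[k] == v]
    lo, hi = (VERSIONS.index(s[k]) for k in ("ssl-min-version", "ssl-max-version"))
    # Empty fragments only matter while SSL 3.0 or TLS 1.0 can still be negotiated.
    if s["ssl-send-empty-frags"] == "disable" and lo <= VERSIONS.index("tls-1.0"):
        findings.append("ssl-send-empty-frags disable: CBC IV countermeasure off "
                        "while SSL 3.0/TLS 1.0 is allowed")
    if lo > hi:
        findings.append("ssl-min-version is newer than ssl-max-version")
    return findings

# Constructed sample input, not taken from a real device.
HARDENED = """
set ssl-client-renegotiation secure
set ssl-pfs require
set ssl-min-version tls-1.1
set ssl-send-empty-frags disable
"""

if __name__ == "__main__":
    for name, cfg in (("defaults only", ""), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Running the audit on an empty configuration shows what the defaults alone leave enabled: SSL 3.0 as the minimum version and renegotiation without the RFC 5746 requirement.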