Chapter 7 Advanced Expressions: Parsing SSL Certificates 143

Prefixes That Return Text or Boolean Values for SSL and Client Certificate Data

| Prefix | Description |
| --- | --- |
| CLIENT.SSL.CIPHER_NAME | Returns the name of the SSL Cipher if invoked from an SSL connection, and a NULL string if invoked from a non-SSL connection. |
| CLIENT.SSL.IS_SSL | Returns a Boolean TRUE if the current connection is SSL-based. |

Prefixes for Numeric Data in SSL Certificates

The following table describes prefixes that evaluate numeric data other than dates in SSL certificates. These prefixes can be used with the operations that are described in “Basic Operations on Expression Prefixes,” on page 44 and “Compound Operations for Numbers,” on page 48.

Prefixes That Evaluate Numeric Data Other Than Dates in SSL Certificates

| Prefix | Description |
| --- | --- |
| CLIENT.SSL.CLIENT_CERT.DAYS_TO_EXPIRE | Returns the number of days that the certificate is valid, or returns -1 for expired certificates. |
| CLIENT.SSL.CLIENT_CERT.PK_SIZE | Returns the size of the public key used in the certificate. |
| CLIENT.SSL.CLIENT_CERT.VERSION | Returns the version number of the certificate. If the connection is not SSL-based, returns zero (0). |
| CLIENT.SSL.CIPHER_BITS | Returns the number of bits in the cryptographic key. Returns 0 if the connection is not SSL-based. |
| CLIENT.SSL.VERSION | Returns a number that represents the SSL protocol version, as follows: 0 = the transaction is not SSL-based; 0x002 = the transaction is SSLv2; 0x300 = the transaction is SSLv3; 0x301 = the transaction is TLSv1. |

Note: For expressions related to expiration dates in a certificate, see “Expressions for SSL Certificate Dates,” on page 101.
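
The sentinel values in the table above (0 for a non-SSL connection, -1 for an expired certificate) matter as soon as these prefixes feed numeric comparisons. The following Python code is an added example, not code from the Citrix manual: it models the documented return values over constructed sample connections. The thresholds, the finding names, and the use of None for "no client certificate presented" are assumptions.

```python
# Added example: a model of the documented return values, not NetScaler code.
VER = "CLIENT.SSL.VERSION"
BITS = "CLIENT.SSL.CIPHER_BITS"
DAYS = "CLIENT.SSL.CLIENT_CERT.DAYS_TO_EXPIRE"
PK = "CLIENT.SSL.CLIENT_CERT.PK_SIZE"

SSL_VERSIONS = {0x002: "SSLv2", 0x300: "SSLv3", 0x301: "TLSv1"}  # from the table

# Assumed policy thresholds (not from the manual).
MIN_CIPHER_BITS = 128
MIN_PK_SIZE = 2048
EXPIRY_WARN_DAYS = 30


def audit(conn):
    """Return findings for one connection, given the prefix return values."""
    # 0 is the documented "not SSL" value for VERSION and CIPHER_BITS.
    # Test it first so a plain connection is not reported as a 0-bit cipher.
    if conn[VER] == 0:
        return ["not-ssl"]
    findings = []
    name = SSL_VERSIONS.get(conn[VER])
    if name is None:
        findings.append("unknown-version:0x%03x" % conn[VER])
    elif name in ("SSLv2", "SSLv3"):
        findings.append("deprecated-protocol:" + name)
    if conn[BITS] < MIN_CIPHER_BITS:
        findings.append("weak-cipher")
    days = conn.get(DAYS)  # None = no client certificate (assumed convention)
    if days is not None:
        # -1 is the documented "expired" value; a bare "days < 30" test
        # would mislabel an expired certificate as merely expiring soon.
        if days == -1:
            findings.append("client-cert-expired")
        elif days < EXPIRY_WARN_DAYS:
            findings.append("client-cert-expiring")
        if conn[PK] < MIN_PK_SIZE:
            findings.append("small-public-key")
    return findings


# Constructed sample connections (not captured data).
SAMPLES = [
    {VER: 0, BITS: 0},
    {VER: 0x300, BITS: 128, DAYS: 200, PK: 2048},
    {VER: 0x301, BITS: 56, DAYS: -1, PK: 1024},
    {VER: 0x301, BITS: 256, DAYS: 12, PK: 2048},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(hex(sample[VER]), audit(sample))
```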

Expressions for SSL Certificates

You can parse SSL certificates by configuring expressions that use the following prefix:
