124
Serial Port Profiles
SSL/TLS Settings Tab Field DescriptionsYou can create an encrypted connection using SSL/TLS for the following profiles: TruePort , TCP
Sockets, Termin al (the user’s Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem,
and Modbus. When you enable this feature, it will automatically use the global SSL/TLS settings
(configured on Security, SSL/TLS), although you can configure unique SSL/TLS settings for the
serial port.
When configuring SSL/TLS, the following configuration options are available:
zYou can set up the IOLAN to act as an SSL/TLS client or server.
zThere is an extensive selection of SSL/TLS ciphers that you can configure for your SSL/TLS
connection; see Appendix B, SSL/TLS Ciphers for a list of SSL/TLS ciphers.
zYou can enable peer certificate validation, for which you must supply the validation criteria that
was used when creating the peer certificate (this is case sensitive, so keep that in mind when
enabling and configuring this option).
Configure the following parameters:
Note: Some combinations of cipher groups are not available on FIPS firmware versions.
Note: See Keys and Certificates for information about SSL/TLS support documents.
Enable SSL/TLS Activates the SSL/TLS settings for the serial port.
Default: Disabled
Use global settings Uses the SSL/TLS settings configured in the Security section for the serial
port.
Default: Enabled
SSL/TLS Version Specify whether you want to use:
zAny—The IOLAN will try a TLSv1 connection first. If that fails, it will
try an SSLv3 connection. If that fails, it will try an SSLv2 connection.
zTLSv1—The connection will use only TLSv1.
zSSLv3—The connection will use only SSLv3.
Default: Any
SSL/TLS Type Specify whether the IOLAN serial port will act as an SSL/TLS client or server.
Default: Client
Cipher Suite ButtonClick this button to specify SSL/TLS conn ection ciphers.
See Cipher Suite Field Descriptions for more information.
Vali dat e P eer
Certificate
Enable this option when you want the Validation Criteria to match the Peer
Certificate for authentication to pass. If you enable this option, you need to
download an SSL/TLS certificate authority (CA) list file to the IOLAN.
Default: Disabled