CheckCertificateRevocationStatusActions
Defines the actions to take on the SSL/TLS connection if the certificate presented by the server in the connection has a revoked or unknown status.
Contents
- RevokedStatusAction
  Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.
  - PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
  - DROP - Network Firewall closes the connection and drops subsequent packets for that connection.
  - REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.
  Type: String
  Valid Values: PASS | DROP | REJECT
  Required: No
- UnknownStatusAction
  Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.
  - PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
  - DROP - Network Firewall closes the connection and drops subsequent packets for that connection.
  - REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.
  Type: String
  Valid Values: PASS | DROP | REJECT
  Required: No
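
The following is an added example, not part of the AWS reference: a Python check that audits a dict shaped like CheckCertificateRevocationStatusActions for invalid values and for PASS settings that let a connection continue despite a revoked or undeterminable certificate status. The function name, the severity labels, the `protocol` parameter and the sample configurations are assumptions of this example.

```python
VALID_ACTIONS = {"PASS", "DROP", "REJECT"}
MEMBERS = ("RevokedStatusAction", "UnknownStatusAction")


def audit_revocation_actions(actions, protocol="TCP"):
    """Audit a dict shaped like CheckCertificateRevocationStatusActions.

    Returns (member, severity, message) tuples. The severity labels and the
    `protocol` argument are this example's own, not part of the API.
    """
    findings = []
    # Anything other than the two documented members is a mistake.
    for key in actions:
        if key not in MEMBERS:
            findings.append((key, "error", "not a member of this structure"))
    for member in MEMBERS:
        value = actions.get(member)
        if value is None:
            findings.append((member, "info", "not set (member is optional)"))
        elif value not in VALID_ACTIONS:
            findings.append((member, "error", f"invalid value {value!r}"))
        elif value == "REJECT" and protocol.upper() != "TCP":
            findings.append((member, "error",
                             "REJECT is available only for TCP traffic"))
        elif value == "PASS" and member == "RevokedStatusAction":
            findings.append((member, "high",
                             "connection continues although the server "
                             "certificate is revoked"))
        elif value == "PASS":
            # Covers the case where OCSP and CRL endpoints are unreachable.
            findings.append((member, "medium",
                             "fail-open: connection continues when the "
                             "status cannot be determined"))
    return findings


# Constructed sample inputs (not taken from any real deployment).
FAIL_OPEN = {"RevokedStatusAction": "PASS", "UnknownStatusAction": "PASS"}
FAIL_CLOSED = {"RevokedStatusAction": "REJECT", "UnknownStatusAction": "DROP"}

if __name__ == "__main__":
    for name, cfg in (("FAIL_OPEN", FAIL_OPEN), ("FAIL_CLOSED", FAIL_CLOSED)):
        print(name)
        for member, severity, message in audit_revocation_actions(cfg):
            print(f"  [{severity}] {member}: {message}")
```
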
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: