Tag :: Tls

EOS 4.35.0F introduces support for Network Time Security (NTS), as defined in RFC8915. NTS provides modern cryptographic security for the client-server mode of the Network Time Protocol (NTP). It separates key establishment from time synchronization by using a TLS-based NTS Key Establishment (NTS-KE) protocol to negotiate symmetric keys and encrypted cookies. These cookies are included in subsequent NTP packets to enable stateless authentication by the server. NTS ensures that time synchronization data is received from a legitimate source and has not been modified in transit.

This is an infrastructure that provides management of SSL certificates, keys and profiles. SSL/TLS is an application-layer protocol that provides secure transport between client and server through a combination of authentication, encryption and data integrity. SSL/TLS uses certificates and private-public key pairs to provide this security. A user can manage certificates, keys and also multiple SSL profiles. An SSL profile is a configuration which includes certificate, key and trusted CA certificates used in SSL/TLS communication. An SSL profile configuration can be attached to another EOS configuration which supports SSL/TLS communication. Individual EOS features that use this infrastructure will document the details of using an SSL profile in their configuration.

This supports checking that the value of a given x509 certificate OID matches a user-provided value during the TLS handshake in OpenConfig. If the value does not match, no connection will be established.

This feature adds TLS support to the existing syslog logging mechanism. With the new added CLI commands, the user can