The ssl-connection allow use public-parameter enable command enables the exclusive mode virtual gateway to establish SSL connections using a public local certificate and SSL cipher suite.
The undo ssl-connection allow use public-parameter enable command disables the exclusive mode virtual gateway from establishing SSL connections using a public local certificate and SSL cipher suite.
ssl-connection allow use public-parameter enable
undo ssl-connection allow usepublic-parameter enable
This command is valid only to the exclusive mode virtual gateway that shares a public IP address. The sharing mode virtual gateway that shares a public IP address must use the domain name, SSL version, and cipher suite in the public configurations to establish SSL connections. By default, the exclusive mode virtual gateway uses the public SSL version.
When you access an exclusive mode virtual gateway using a domain name, the virtual gateway cannot be distinguished based on the domain name if the Client Hello packet on the client end does not carry the Server Name Indication (SNI, containing the domain name information). In such a case, the public local certificate, SSL version, and cipher suite can be used to establish an SSL connection, and the virtual gateway can be distinguished based on the domain name carried in the HTTP packet.
Considering system security, by default, the exclusive mode virtual gateway is prohibited to establish SSL connections using the public local certificate and cipher suite. This function can be enabled in the scenario where the local public certificate, SSL version, and cipher suite are required.
This function also needs to be enabled when the local certificate and the public local certificate of the exclusive mode virtual gateway are the same.