TLS protocols enable the TLS client and TLS server to negotiate
additional functionality for a connection. If either the TLS client
or TLS server does not understand a function, the function is not
used on the connection. However, the TLS client or TLS server might
require that the function be supported by the remote partner. If the
remote partner does not support the function, the connection can be
closed. Each function can be configured as Required, Optional, or
Off.
- Required
  The connection ends if the remote endpoint does not accept the
  TLS function.
- Optional
  The function is negotiated on the connection, but the connection
  does not end if the remote partner does not support the function.
- Off
  The function is not supported on the connection. If the remote
  partner requires this function, the remote partner closes this
  connection.
Guideline: For TLS servers, configure the functions as Optional so
that remote partners that require a function are still able to
connect.
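
The three settings described above can be modeled as a small decision function to see every client/server combination at once. This is an added example, not code from the product's documentation; the names `Setting`, `negotiate`, `matrix` and `server_settings_that_never_fail` are hypothetical, and the model assumes a side set to Off simply does not offer or accept the function.

```python
from enum import Enum
from itertools import product
from typing import Optional, Tuple


class Setting(Enum):
    REQUIRED = "Required"
    OPTIONAL = "Optional"
    OFF = "Off"


def negotiate(client: Setting, server: Setting) -> Tuple[str, Optional[str]]:
    """Return (outcome, closing_side) for one function on one connection.

    outcome is "used", "not used" or "closed"; closing_side names the
    endpoint that ends the connection, or None if the connection stays up.
    """
    # Assumption of this model: Off means the side does not support it.
    if client is not Setting.OFF and server is not Setting.OFF:
        return ("used", None)
    # Required: that endpoint ends the connection when its partner
    # does not accept the function.
    if client is Setting.REQUIRED:
        return ("closed", "client")
    if server is Setting.REQUIRED:
        return ("closed", "server")
    # Optional/Off or Off/Off: the connection continues without it.
    return ("not used", None)


def matrix() -> dict:
    """All nine client/server combinations and their outcomes."""
    return {(c, s): negotiate(c, s) for c, s in product(Setting, Setting)}


def server_settings_that_never_fail() -> list:
    """Server settings for which no client setting ends the connection."""
    return [s for s in Setting
            if all(negotiate(c, s)[0] != "closed" for c in Setting)]


if __name__ == "__main__":
    for (c, s), (outcome, closer) in matrix().items():
        suffix = f" by {closer}" if closer else ""
        print(f"client={c.value:<8} server={s.value:<8} -> {outcome}{suffix}")
    print("never fails:", [s.value for s in server_settings_that_never_fail()])
```

Only the Optional server setting survives every client setting, which matches the guideline. The trade-off shown in the matrix is that an Optional server paired with an Off client runs the connection without the function.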