Basic TLS client configuration must have a cipher list created using the config>system>security>tls>client-cipher-list command, and the cipher list must be assigned to the TLS client profile using the config>system>security>tls>client-tls-profile>cipher-list command.
TLS imports the trust anchor certificate for peer certificate authentication and public key retrieval. The following example shows a TLS configuration.
A:node-2>config>system>security>tls# info
----------------------------------------------
trust-anchor-profile "server-1-ca" create
trust-anchor "tls-server-1-ca"
exit
client-cipher-list "to-active-server" create
cipher 1 name tls-rsa-with-aes256-cbc-sha256
cipher 2 name tls-rsa-with-aes128-cbc-sha256
cipher 3 name tls-rsa-with-aes256-cbc-sha
exit
client-tls-profile "server-1-profile" create
cipher-list "to-active-server"
trust-anchor-profile ‟server-1-ca‟
no shutdown
exit
----------------------------------------------