tlsProfile

This object creates and configures a profile for implementing the Transport Layer Security (TLS) protocol for use with SIP over TLS. TLS is an IETF protocol for securing communications across an untrusted network. Normally, SIP packets are sent in plain text over TCP or UDP connections.

Exists on Condition: (/system/sbcPersonality/role !='msbc') and (/system/sbcPersonality/role !='mrfp')


Configuration


| Parameter | Presence | Type | Default | Description |
|---|---|---|---|---|
| name | M | string | | The name of this TLS Profile. |
| appAuthTimer | O | uint32 | 5 | The higher-layer authentication timer in seconds. If a client does not authenticate itself within TLS, this is the time in which it must complete authentication in a higher-level protocol after the TLS connection comes up. |
| handshakeTimer | O | uint32 | 5 | The TLS handshake timer in seconds. |
| sessionResumpTimer | O | uint32 | 3600 | The TLS session resumption timer in seconds. The TLS protocol allows multiple connections to be created within one TLS session. TLS allows resuming a session without repeating the entire expense of the authentication and other setup costs for each connection. |
| cipherSuite1 | O | enumeration | rsa-with-aes-128-cbc-sha | The first TLS cipher suite choice of this TLS profile. |
| cipherSuite2 | O | enumeration | nosuite | The second TLS cipher suite choice of this TLS profile. |
| cipherSuite3 | O | enumeration | nosuite | The third TLS cipher suite choice of this TLS profile. |
| allowedRoles | O | enumeration | clientandserver | The allowed TLS roles of this TLS profile. |
| authClient | O | enumeration | true | Indicates whether or not an Ema-TLS client is forced to authenticate itself within Ema-TLS. |
| clientCertName | O | string | | The name of the Client Certificate referred to by this TLS profile. |
| serverCertName | O | string | | The name of the Server Certificate referred to by this TLS profile. |
| acceptableCertValidationErrors | O | enumeration | none | Certificate validation errors that are acceptable while validating the peer certificate. |
| ocspProfileName | O | reference | | The name of the OCSP Profile referred to by this TLS profile. |
| v1_0 | O | enumeration | enabled | TLS Protocol version 1.0 |
| v1_1 | O | enumeration | disabled | TLS Protocol version 1.1 |
| v1_2 | O | enumeration | disabled | TLS Protocol version 1.2 |
| suppressEmptyFragments | O | enumeration | disabled | Determines whether SBX should insert empty segments while sending packets on TLS over TCP. |
| peerNameVerify | O | enumeration | disabled | Verify the identity of the peer in the certificate. |

REST API: GET Example

curl -kisu 'admin:secret' -X GET https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name}
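
Per the parameter table, a profile created with only a name inherits v1_0 enabled, v1_2 disabled, peerNameVerify disabled and rsa-with-aes-128-cbc-sha as its first cipher suite. The script below is an added example, not part of the original documentation: it audits a tlsProfile XML document for those settings, assuming the GET response is a tlsProfile element with one child element per parameter (the shape of the POST body on this page). The sample documents, the profile names, the namespace and the PLACEHOLDER-AEAD-SUITE value are constructed and are not real enumeration values.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the parameter table; applied when an element is absent.
DEFAULTS = {
    "cipherSuite1": "rsa-with-aes-128-cbc-sha", "cipherSuite2": "nosuite",
    "cipherSuite3": "nosuite", "authClient": "true",
    "acceptableCertValidationErrors": "none", "v1_0": "enabled",
    "v1_1": "disabled", "v1_2": "disabled", "peerNameVerify": "disabled",
}

def load_profile(xml_text):
    """Return effective settings: table defaults overlaid with configured values."""
    settings = dict(DEFAULTS)
    for child in ET.fromstring(xml_text):
        tag = child.tag.rsplit("}", 1)[-1]  # drop an XML namespace if present
        settings[tag] = (child.text or "").strip()
    return settings

def audit(settings):
    """Return (parameter, finding) tuples for settings that weaken the TLS profile."""
    findings = []
    for ver in ("v1_0", "v1_1"):
        if settings[ver] == "enabled":
            findings.append((ver, "deprecated TLS version enabled (RFC 8996)"))
    if settings["v1_2"] != "enabled":
        findings.append(("v1_2", "TLS 1.2 is not enabled"))
    if settings["peerNameVerify"] != "enabled":
        findings.append(("peerNameVerify", "peer identity is not verified"))
    if settings["acceptableCertValidationErrors"] != "none":
        findings.append(("acceptableCertValidationErrors", "validation errors tolerated"))
    if settings["authClient"] != "true":
        findings.append(("authClient", "client need not authenticate within TLS"))
    for key in ("cipherSuite1", "cipherSuite2", "cipherSuite3"):
        if "-cbc-" in settings[key]:  # substring check on the enumeration name
            findings.append((key, "CBC-mode cipher suite: " + settings[key]))
    return findings

# Constructed sample: only the name is set, so every table default applies.
SAMPLE_DEFAULT = "<tlsProfile><name>EXAMPLE_DEFAULT</name></tlsProfile>"
# Constructed sample: hardened profile; the cipher suite name is a placeholder.
SAMPLE_HARDENED = """<tlsProfile xmlns="urn:example:placeholder">
<name>EXAMPLE_HARDENED</name><v1_0>disabled</v1_0><v1_2>enabled</v1_2>
<peerNameVerify>enabled</peerNameVerify>
<cipherSuite1>PLACEHOLDER-AEAD-SUITE</cipherSuite1>
</tlsProfile>"""

if __name__ == "__main__":
    for param, finding in audit(load_profile(SAMPLE_DEFAULT)):
        print(f"{param}: {finding}")
```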

REST API: POST Example

curl -kisu 'admin:secret' -X POST -H 'Content-Type: application/vnd.yang.data+xml' https://{SBX-SERVER}/api/config/profiles/security --data '
<tlsProfile>
     <name>{name}</name>
</tlsProfile>
'

REST API: DELETE Example

curl -kisu 'admin:secret' -X DELETE https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name}
