Resources | profiles | security | tlsProfile
Exists on Condition | (/system/sbcPersonality/role !='msbc') and (/system/sbcPersonality/role !='mrfp') |
Parameter | Presence | Type | Default | Description |
---|---|---|---|---|
name | M | string | | The name of this TLS Profile. |
appAuthTimer | O | uint32 | 5 | The higher-layer authentication timer in seconds. If a client does not authenticate itself within TLS, this is the time within which it must complete authentication in a higher-level protocol after the TLS connection comes up. |
handshakeTimer | O | uint32 | 5 | The TLS handshake timer in seconds. |
sessionResumpTimer | O | uint32 | 3600 | The TLS session resumption timer in seconds. The TLS protocol allows multiple connections to be created within one TLS session, so a session can be resumed without repeating the entire expense of authentication and other setup costs for each connection. |
cipherSuite1 | O | enumeration | rsa-with-aes-128-cbc-sha | The first TLS cipher suite choice of this TLS profile. |
cipherSuite2 | O | enumeration | nosuite | The second TLS cipher suite choice of this TLS profile. |
cipherSuite3 | O | enumeration | nosuite | The third TLS cipher suite choice of this TLS profile. |
allowedRoles | O | enumeration | clientandserver | The allowed TLS roles of this TLS profile. |
authClient | O | enumeration | true | Indicates whether or not an Ema-TLS client is forced to authenticate itself within Ema-TLS. |
clientCertName | O | string | | The name of the client certificate referenced by this TLS profile. |
serverCertName | O | string | | The name of the server certificate referenced by this TLS profile. |
acceptableCertValidationErrors | O | enumeration | none | Certificate validation errors that are acceptable while validating the peer certificate. |
ocspProfileName | O | reference | | The name of the OCSP profile referenced by this TLS profile. |
v1_0 | O | enumeration | enabled | TLS protocol version 1.0. |
v1_1 | O | enumeration | disabled | TLS protocol version 1.1. |
v1_2 | O | enumeration | disabled | TLS protocol version 1.2. |
suppressEmptyFragments | O | enumeration | disabled | Determines whether SBX should insert empty segments while sending packets on TLS over TCP. |
peerNameVerify | O | enumeration | disabled | Verifies the identity of the peer in the certificate. |
REST API: GET Example |
---|
curl -kisu 'admin:secret' -X GET https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name} |
REST API: POST Example |
---|
curl -kisu 'admin:secret' -X POST -H 'Content-Type: application/vnd.yang.data+xml' https://{SBX-SERVER}/api/config/profiles/security --data ' |
REST API: DELETE Example |
---|
curl -kisu 'admin:secret' -X DELETE https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name} |
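
The following audit sketch is an added example, not part of the vendor documentation. It fills in the defaults from the parameter table above and flags the settings that weaken a profile. It assumes a profile is returned as a `tlsProfile` XML element whose children are named after the parameters; the sample documents and the namespace are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the parameter table; an absent element takes its default.
DEFAULTS = {
    "cipherSuite1": "rsa-with-aes-128-cbc-sha", "cipherSuite2": "nosuite",
    "cipherSuite3": "nosuite", "authClient": "true",
    "acceptableCertValidationErrors": "none", "v1_0": "enabled",
    "v1_1": "disabled", "v1_2": "disabled", "peerNameVerify": "disabled",
}

def effective_settings(xml_text):
    """Return parameter -> value for one tlsProfile, filling table defaults."""
    root = ET.fromstring(xml_text)
    # Strip any XML namespace so only the local element name is compared.
    given = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip() for el in root}
    return {**DEFAULTS, **given}

def audit(xml_text):
    """Return a sorted list of (parameter, finding) for weak settings."""
    s = effective_settings(xml_text)
    findings = []
    for old in ("v1_0", "v1_1"):
        if s[old] == "enabled":
            findings.append((old, "deprecated TLS version is enabled"))
    if s["v1_2"] != "enabled":
        findings.append(("v1_2", "TLS 1.2 is not enabled"))
    if s["peerNameVerify"] != "enabled":
        findings.append(("peerNameVerify", "peer name is not verified"))
    if s["acceptableCertValidationErrors"] != "none":
        findings.append(("acceptableCertValidationErrors", "errors tolerated"))
    if s["authClient"] != "true":
        findings.append(("authClient", "client need not authenticate in TLS"))
    for key in ("cipherSuite1", "cipherSuite2", "cipherSuite3"):
        if s[key].startswith("rsa-with-"):
            findings.append((key, "static RSA key exchange, no forward secrecy"))
    return sorted(findings)

# Constructed sample: only `name` is set, so every other value is the default.
DEFAULT_PROFILE = "<tlsProfile><name>EXAMPLE</name></tlsProfile>"
# Constructed sample with protocol and peer checks tightened. cipherSuite1
# stays at its default because the page lists no other suite value.
HARDENED_PROFILE = """<tlsProfile xmlns="urn:example:placeholder">
  <name>EXAMPLE</name><v1_0>disabled</v1_0><v1_2>enabled</v1_2>
  <peerNameVerify>enabled</peerNameVerify>
</tlsProfile>"""

if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, audit(doc))
```

A profile created with only a name is flagged for four settings, which is why the defaults are worth reviewing after every POST.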