| Parameter | Presence | Type | Default | Description |
|---|---|---|---|---|
| name | M | string | | The name of this TLS Profile. |
| appAuthTimer | O | uint32 | 5 | The higher-layer authentication timer in seconds. If a client does not authenticate itself within TLS, this is the time in which it must complete authentication in a higher-level protocol after the TLS connection comes up. |
| handshakeTimer | O | uint32 | 5 | The TLS handshake timer in seconds. |
| sessionResumpTimer | O | uint32 | 3600 | The TLS session resumption timer in seconds. The TLS protocol allows multiple connections to be created within one TLS session. TLS allows resuming a session without repeating the entire expense of the authentication and other setup costs for each connection. |
| cipherSuite1 | O | enumeration | rsa-with-aes-128-cbc-sha | The first TLS cipher suite choice of this TLS profile. |
| cipherSuite2 | O | enumeration | nosuite | The second TLS cipher suite choice of this TLS profile. |
| cipherSuite3 | O | enumeration | nosuite | The third TLS cipher suite choice of this TLS profile. |
| allowedRoles | O | enumeration | clientandserver | The allowed TLS roles of this TLS profile. |
| authClient | O | enumeration | true | Indicates whether or not a TLS client is forced to authenticate itself within TLS. If it is set to false, the client must complete authentication within a higher-level protocol after the TLS connection comes up. |
| clientCertName | O | string | | The name of the client certificate referenced by this TLS profile. |
| serverCertName | O | string | | The name of the server certificate referenced by this TLS profile. |
| acceptableCertValidationErrors | O | enumeration | none | Certificate validation errors that are acceptable while validating the peer certificate. |
| ocspProfileName | O | reference | | The name of the OCSP profile referenced by this TLS profile. |
| v1_0 | O | enumeration | enabled | TLS Protocol version 1.0 |
| v1_1 | O | enumeration | disabled | TLS Protocol version 1.1 |
| v1_2 | O | enumeration | disabled | TLS Protocol version 1.2 |
| suppressEmptyFragments | O | enumeration | disabled | Determines whether SBX should insert empty segments while sending packets on TLS over TCP. |
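
A profile left at the defaults above negotiates only TLS 1.0 with a static-RSA CBC suite, so a review of a profile has to account for parameters that were never set. The following check is an added example, not vendor code: it models a profile as a plain dict (an assumption) and `audit_tls_profile` is a hypothetical helper name.

```python
# Added example, not vendor code. A profile is modelled as a plain dict
# (assumption); audit_tls_profile is a hypothetical helper name.

# Defaults copied from the parameter table; unset optional parameters use them.
TABLE_DEFAULTS = {
    "cipherSuite1": "rsa-with-aes-128-cbc-sha",
    "cipherSuite2": "nosuite",
    "cipherSuite3": "nosuite",
    "authClient": "true",
    "acceptableCertValidationErrors": "none",
    "ocspProfileName": "",
    "v1_0": "enabled",
    "v1_1": "disabled",
    "v1_2": "disabled",
}


def audit_tls_profile(profile):
    """Return a list of (parameter, finding) tuples for one TLS profile."""
    cfg = {**TABLE_DEFAULTS, **profile}
    findings = []
    for version in ("v1_0", "v1_1"):
        if cfg[version] == "enabled":
            findings.append((version, "deprecated by RFC 8996, disable it"))
    if cfg["v1_2"] != "enabled":
        findings.append(("v1_2", "TLS 1.2 is not enabled"))
    for slot in ("cipherSuite1", "cipherSuite2", "cipherSuite3"):
        suite = cfg[slot]
        if suite.startswith("rsa-with-"):
            findings.append((slot, "static RSA key exchange, no forward secrecy"))
        if "-cbc-" in suite:
            findings.append((slot, "CBC-mode suite"))
    if cfg["authClient"] != "true":
        findings.append(("authClient", "client not authenticated within TLS"))
    if cfg["acceptableCertValidationErrors"] != "none":
        findings.append(("acceptableCertValidationErrors",
                         "peer certificate validation errors are tolerated"))
    if not cfg["ocspProfileName"]:
        findings.append(("ocspProfileName", "no OCSP profile referenced"))
    return findings


if __name__ == "__main__":
    # Constructed sample: a profile that sets only its name, so defaults apply.
    for parameter, finding in audit_tls_profile({"name": "EXAMPLE_PROFILE"}):
        print(f"{parameter}: {finding}")
```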