Resources | profiles | security | tlsProfile


tlsProfile

This object creates and configures a profile for implementing the Transport Layer Security (TLS) protocol for use with SIP over TLS. TLS is an IETF protocol for securing communications across an untrusted network. Normally, SIP packets are sent in plain text over TCP or UDP connections.

Exists on Condition: (/system/sbcPersonality/role !='msbc') and (/system/sbcPersonality/role !='mrfp')


Configuration


| Parameter | Presence | Type | Default | Description |
|---|---|---|---|---|
| name | M | string | | The name of this TLS Profile. |
| appAuthTimer | O | uint32 | 5 | The higher layer authentication timer in seconds. When a client does not authenticate itself within TLS, this is the time in which it must complete authentication in a higher-level protocol after the TLS connection comes up. |
| handshakeTimer | O | uint32 | 5 | The TLS handshake timer in seconds. |
| sessionResumpTimer | O | uint32 | 3600 | The TLS session resumption timer in seconds. The TLS protocol allows multiple connections to be created within one TLS session. TLS allows resuming a session without repeating the authentication and other setup costs for each connection. |
| cipherSuite1 | O | enumeration | rsa-with-aes-128-cbc-sha | The first TLS cipher suite choice of this TLS profile. |
| cipherSuite2 | O | enumeration | nosuite | The second TLS cipher suite choice of this TLS profile. |
| cipherSuite3 | O | enumeration | nosuite | The third TLS cipher suite choice of this TLS profile. |
| allowedRoles | O | enumeration | clientandserver | The allowed TLS roles of this TLS profile. |
| authClient | O | enumeration | true | Indicates whether or not an Ema-TLS client is forced to authenticate itself within TLS. If set to false, the client must complete authentication within a higher-level protocol after the TLS connection comes up. |
| clientCertName | O | string | | The name of the client certificate referenced by this TLS profile. |
| serverCertName | O | string | | The name of the server certificate referenced by this TLS profile. |
| acceptableCertValidationErrors | O | enumeration | none | Certificate validation errors that are acceptable while validating the peer certificate. |
| ocspProfileName | O | reference | | The name of the OCSP profile referenced by this TLS profile. |
| v1_0 | O | enumeration | enabled | TLS protocol version 1.0. |
| v1_1 | O | enumeration | disabled | TLS protocol version 1.1. |
| v1_2 | O | enumeration | disabled | TLS protocol version 1.2. |
| suppressEmptyFragments | O | enumeration | disabled | Determines whether the SBX should insert empty segments while sending packets on TLS over TCP. |
| peerNameVerify | O | enumeration | disabled | Verify the identity of the peer in the certificate. |


REST API: GET Example

curl -kisu 'admin:secret' -X GET https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name}
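
The following is an added example, not part of the vendor documentation: a Python check that audits the XML returned by the GET request above against the parameter table, flagging settings such as the documented defaults of v1_0 enabled and v1_2 disabled. It assumes the response carries one child element per parameter under `<tlsProfile>` (as in the POST body on this page), that omitted elements are at their documented defaults, and that `enabled` is the other value of `peerNameVerify`; the profile names and sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the parameter table on this page. Assumption: an
# element missing from the response is at its documented default.
DEFAULTS = {
    "v1_0": "enabled", "v1_1": "disabled", "v1_2": "disabled",
    "authClient": "true", "peerNameVerify": "disabled",
    "acceptableCertValidationErrors": "none",
}

def local(tag):
    """Strip an XML namespace prefix such as '{urn:...}name'."""
    return tag.rsplit("}", 1)[-1]

def audit_tls_profile(xml_text):
    """Return a list of findings for one <tlsProfile> document."""
    root = ET.fromstring(xml_text)
    cfg = dict(DEFAULTS)
    cfg.update({local(e.tag): (e.text or "").strip() for e in root})
    findings = []
    if cfg["v1_0"] == "enabled":
        findings.append("v1_0 enabled: peers can negotiate TLS 1.0")
    if cfg["v1_2"] != "enabled":
        findings.append("v1_2 disabled: TLS 1.2 is not offered")
    if cfg["peerNameVerify"] != "enabled":
        findings.append("peerNameVerify disabled: peer name is not verified")
    if cfg["acceptableCertValidationErrors"] != "none":
        findings.append("acceptableCertValidationErrors tolerates errors")
    if cfg["authClient"] != "true":
        findings.append("authClient false: client authenticates only above TLS")
    return findings

# Constructed sample responses (not captured from a real SBC).
DEFAULT_PROFILE = "<tlsProfile><name>exampleDefault</name></tlsProfile>"
HARDENED_PROFILE = """<tlsProfile xmlns="urn:example:constructed">
  <name>exampleHardened</name>
  <v1_0>disabled</v1_0><v1_2>enabled</v1_2>
  <peerNameVerify>enabled</peerNameVerify>
</tlsProfile>"""

if __name__ == "__main__":
    for doc in (DEFAULT_PROFILE, HARDENED_PROFILE):
        print(audit_tls_profile(doc) or "no findings")
```
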


REST API: POST Example

curl -kisu 'admin:secret' -X POST -H 'Content-Type: application/vnd.yang.data+xml' https://{SBX-SERVER}/api/config/profiles/security --data '
<tlsProfile>
     <name>{name}</name>
</tlsProfile>
'


REST API: DELETE Example

curl -kisu 'admin:secret' -X DELETE https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name}