Resources | profiles | security | tlsProfile
 tlsProfileThis object creates and configures a profile for implementing the Transport Layer Security (TLS) protocol for use with SIP over TLS. TLS is an IETF protocol for securing communications across an untrusted network. Normally, SIP packets are sent in plain text over TCP or UDP connections. |
Configuration
| Parameter | Presence | Type | Default | Description | |
|---|---|---|---|---|---|
  | name | M | string | The name of this TLS Profile. | |
| appAuthTimer | O | uint32 | 5 | The higher layer authentication timer in seconds. In the case in which a client does not authenticate itself within TLS, this is the time in which it must complete authentication in a higher-level protocol after the TLS connection comes up. |
| handshakeTimer | O | uint32 | 5 | The TLS handshake timer in seconds. |
| sessionResumpTimer | O | uint32 | 3600 | The TLS session resumption timer in seconds. The TLS protocol allows multiple connections to be created within one TLS session. The TLS allows resuming a session without repeating the entire expense of the authentication and other setup costs for each connection. |
| cipherSuite1 | O | enumeration | rsa-with-aes-128-cbc-sha | The first TLS cipher suite choice of this TLS profile. |
| cipherSuite2 | O | enumeration | nosuite | The second TLS cipher suite choice of this TLS profile. |
| cipherSuite3 | O | enumeration | nosuite | The third TLS cipher suite choice of this TLS profile. |
| allowedRoles | O | enumeration | clientandserver | The allowed TLS roles of this TLS profile. |
| authClient | O | enumeration | true | This indicates whether or not a TLS client is forced to authenticate itself within TLS. If it's set to false, the client must complete authentication within a higher-lever protocol after the TLS connection comes up. |
| clientCertName | O | string | The name of Client Certificate referred by this TLS profile. | |
| serverCertName | O | string | The name of Server Certificate referred by this TLS profile. | |
| acceptableCertValidationErrors | O | enumeration | none | Certificate validation errors that are acceptable while validating the peer certificate. |
| ocspProfileName | O | reference | The name of OCSP Profile referred by this TLS profile. | |
| v1_0 | O | enumeration | enabled | TLS Protocol version 1.0 |
| v1_1 | O | enumeration | disabled | TLS Protocol version 1.1 |
| v1_2 | O | enumeration | disabled | TLS Protocol version 1.2 |
| suppressEmptyFragments | O | enumeration | disabled | Determine whether SBX should insert empty segments while sending packets on TLS over TCP. |
| REST API: GET Example |
|---|
curl -kisu 'admin:secret' -X GET https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name} |
| REST API: POST Example |
|---|
curl -kisu 'admin:secret' -X POST -H 'Content-Type: application/vnd.yang.data+xml' https://{SBX-SERVER}/api/config/profiles/security --data ' |
| REST API: DELETE Example |
|---|
curl -kisu 'admin:secret' -X DELETE https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name} |
Overview
Content Tools