Exists on Condition | (/system/sbcPersonality/role !='msbc') and (/system/sbcPersonality/role !='mrfp') |
Parameter | Presence | Type | Default | Description | |
---|---|---|---|---|---|
name | M | string | | The name of this TLS Profile. | |
appAuthTimer | O | uint32 | 5 | The higher-layer authentication timer in seconds. If a client does not authenticate itself within TLS, this is the time within which it must complete authentication in a higher-level protocol after the TLS connection comes up. | |
handshakeTimer | O | uint32 | 5 | The TLS handshake timer in seconds. | |
sessionResumpTimer | O | uint32 | 3600 | The TLS session resumption timer in seconds. The TLS protocol allows multiple connections to be created within one TLS session. Resuming a session avoids repeating the full cost of authentication and other setup for each connection. | |
cipherSuite1 | O | enumeration | rsa-with-aes-128-cbc-sha | The first TLS cipher suite choice of this TLS profile. | |
cipherSuite2 | O | enumeration | nosuite | The second TLS cipher suite choice of this TLS profile. | |
cipherSuite3 | O | enumeration | nosuite | The third TLS cipher suite choice of this TLS profile. | |
allowedRoles | O | enumeration | clientandserver | The allowed TLS roles of this TLS profile. | |
authClient | O | enumeration | true | Indicates whether a TLS client is forced to authenticate itself within TLS. If set to false, the client must complete authentication within a higher-level protocol after the TLS connection comes up. | |
clientCertName | O | string | | The name of the Client Certificate referred to by this TLS profile. | |
serverCertName | O | string | | The name of the Server Certificate referred to by this TLS profile. | |
acceptableCertValidationErrors | O | enumeration | none | Certificate validation errors that are acceptable while validating the peer certificate. | |
ocspProfileName | O | reference | | The name of the OCSP Profile referred to by this TLS profile. | |
v1_0 | O | enumeration | enabled | TLS Protocol version 1.0 | |
v1_1 | O | enumeration | disabled | TLS Protocol version 1.1 | |
v1_2 | O | enumeration | disabled | TLS Protocol version 1.2 | |
suppressEmptyFragments | O | enumeration | disabled | Determines whether SBX should insert empty segments while sending packets on TLS over TCP. | |
peerNameVerify | O | enumeration | disabled | Verify identity of peer in the certificate |
REST API: GET Example |
---|
curl -kisu 'admin:secret' -X GET https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name} |
REST API: POST Example |
---|
curl -kisu 'admin:secret' -X POST -H 'Content-Type: application/vnd.yang.data+xml' https://{SBX-SERVER}/api/config/profiles/security --data ' |
REST API: DELETE Example |
---|
curl -kisu 'admin:secret' -X DELETE https://{SBX-SERVER}/api/config/profiles/security/tlsProfile/{name} |
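
The defaults in the parameter table leave TLS 1.0 on and TLS 1.2 off, so a profile that simply omits those elements inherits them. The following audit script is an added example, not part of the product documentation. It assumes the GET call returns a `tlsProfile` XML element whose children are named after the parameters above; the sample documents and their namespace are constructed.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the parameter table; an omitted element takes these values.
DEFAULTS = {
    "cipherSuite1": "rsa-with-aes-128-cbc-sha",
    "authClient": "true",
    "acceptableCertValidationErrors": "none",
    "v1_0": "enabled", "v1_1": "disabled", "v1_2": "disabled",
    "peerNameVerify": "disabled",
}

# (parameter, value that triggers the finding, finding text)
RULES = [
    ("v1_0", "enabled", "TLS 1.0 is enabled (deprecated by RFC 8996)"),
    ("v1_2", "disabled", "TLS 1.2 is disabled"),
    ("cipherSuite1", "rsa-with-aes-128-cbc-sha",
     "RSA key exchange with CBC and SHA-1, no forward secrecy"),
    ("authClient", "false", "clients need not authenticate within TLS"),
    ("peerNameVerify", "disabled", "peer identity in the certificate is not verified"),
]

def effective_settings(xml_text):
    """Return the profile's settings with table defaults filled in."""
    settings = dict(DEFAULTS)
    for child in ET.fromstring(xml_text):
        tag = child.tag.rsplit("}", 1)[-1]  # drop any XML namespace
        settings[tag] = (child.text or "").strip()
    return settings

def audit(xml_text):
    """Return a list of findings for one tlsProfile document."""
    s = effective_settings(xml_text)
    findings = [f"{p}: {msg}" for p, bad, msg in RULES if s.get(p) == bad]
    if s["acceptableCertValidationErrors"] != "none":
        findings.append("acceptableCertValidationErrors: validation errors are tolerated")
    if not s.get("ocspProfileName"):
        findings.append("ocspProfileName: no OCSP profile referenced")
    return findings

# Constructed samples (assumed response shape; names and namespace are hypothetical).
SAMPLE_DEFAULTED = ('<tlsProfile xmlns="http://example.invalid/ns"><name>defaultTls</name>'
                    '<serverCertName>srvCert</serverCertName></tlsProfile>')
# cipherSuite1 is left at its default: the page lists no other suite names.
SAMPLE_HARDENED = ('<tlsProfile><name>strictTls</name><v1_0>disabled</v1_0>'
                   '<v1_2>enabled</v1_2><peerNameVerify>enabled</peerNameVerify>'
                   '<ocspProfileName>ocsp1</ocspProfileName></tlsProfile>')

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEFAULTED):
        print(finding)
```
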