SSLProfile

Description

API


    POST /api/sslprofile
    PUT /api/sslprofile/<key>
    DELETE /api/sslprofile/<key>
    GET /api/sslprofile
    GET /api/sslprofile/<key>

CLI


    configure sslprofile <key>
    show sslprofile <key>

Examples

To create a standard security SSL profile

 POST /api/sslprofile

{
    "accepted_ciphers": "aECDSA:aECDH:kEDH:kRSA", 
    "accepted_versions": [
        {
            "type": "SSL_VERSION_TLS1"
        }, 
        {
            "type": "SSL_VERSION_TLS1"
        }, 
        {
            "type": "SSL_VERSION_TLS1_1"
        }, 
        {
            "type": "SSL_VERSION_TLS1_2"
        }
    ], 
    "name": "Standard"
}
 

Data

SSLProfile

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

accepted_versions

Type
SSLVersion
Category
repeated
Description
Set of versions accepted by the server

accepted_ciphers

Type
string
Category
optional
Description
Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html
Default
AES:3DES:RC4

cipher_enums

Type
enum
Category
repeated
Description
Choices
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

tags

Type
Tag
Category
repeated
Description

ssl_rating

Type
SSLRating
Category
optional
Description

send_close_notify

Type
bool
Category
optional
Description
Send 'close notify' alert message for a clean shutdown of the SSL connection.
Default
True

dhparam

Type
string
Category
optional,readonly
Description
DH Parameters used in SSL. At this time, it is not configurable and is set to 2048 bits.

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

SSLVersion

type

Type
enum
Category
required
Description
Default
SSL_VERSION_TLS1_1
Choices
SSL_VERSION_TLS1_1, SSL_VERSION_TLS1, SSL_VERSION_TLS1_2

Tag

value

Type
string
Category
required
Description

type

Type
enum
Category
optional
Description
Default
USER_DEFINED
Choices
VCENTER_DEFINED, AVI_DEFINED, USER_DEFINED

SSLRating

security_score

Type
string
Category
optional
Description

performance_rating

Type
enum
Category
optional
Description
Choices
SSL_SCORE_GOOD, SSL_SCORE_BAD, SSL_SCORE_EXCELLENT, SSL_SCORE_VERY_BAD, SSL_SCORE_NOT_SECURE, SSL_SCORE_AVERAGE

compatibility_rating

Type
enum
Category
optional
Description
Choices
SSL_SCORE_GOOD, SSL_SCORE_BAD, SSL_SCORE_EXCELLENT, SSL_SCORE_VERY_BAD, SSL_SCORE_NOT_SECURE, SSL_SCORE_AVERAGE

References

Tenant

Sub Objects