SSLProfile

Description

API


    POST /api/sslprofile
    PUT /api/sslprofile/<key>
    DELETE /api/sslprofile/<key>
    GET /api/sslprofile
    GET /api/sslprofile/<key>

CLI


    configure sslprofile <key>
    show sslprofile <key>

Examples

To create a standard security SSL profile 

 POST /api/sslprofile

{
    "accepted_ciphers": "aECDSA:aECDH:kEDH:kRSA", 
    "accepted_versions": [
        {
            "type": "SSL_VERSION_TLS1"
        }, 
        {
            "type": "SSL_VERSION_TLS1"
        }, 
        {
            "type": "SSL_VERSION_TLS1_1"
        }, 
        {
            "type": "SSL_VERSION_TLS1_2"
        }
    ], 
    "name": "Standard"
}

Data

SSLProfile

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

accepted_versions

Type
SSLVersion
Category
repeated
Description
Set of versions accepted by the server

accepted_ciphers

Type
string
Category
optional
Description
Ciphers suites represented as defined by U(http://www.openssl.org/docs/apps/ciphers.html)
Default
AES:3DES:RC4

cipher_enums

Type
enum
Category
repeated
Description
Choices
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA

tags

Type
Tag
Category
repeated
Description

ssl_rating

Type
SSLRating
Category
optional
Description

send_close_notify

Type
bool
Category
optional
Description
Send 'close notify' alert message for a clean shutdown of the SSL connection.
Default
True

dhparam

Type
string
Category
optional,readonly
Description
DH Parameters used in SSL. At this time, it is not configurable and is set to 2048 bits.

prefer_client_cipher_ordering

Type
bool
Category
optional
Description
Prefer the SSL cipher ordering presented by the client during the SSL handshake over the one specified in the SSL Profile.
Default
False

enable_ssl_session_reuse

Type
bool
Category
optional
Description
Enable SSL session re-use.
Default
True

ssl_session_timeout

Type
uint32
Category
optional
Description
The amount of time before an SSL session expires.
Units
sec
Default
86400

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

SSLVersion

type

Type
enum
Category
required
Description
Default
SSL_VERSION_TLS1_1
Choices
SSL_VERSION_TLS1, SSL_VERSION_TLS1_1, SSL_VERSION_TLS1_2

Tag

value

Type
string
Category
required
Description

type

Type
enum
Category
optional
Description
Default
USER_DEFINED
Choices
AVI_DEFINED, USER_DEFINED, VCENTER_DEFINED

SSLRating

security_score

Type
string
Category
optional
Description

performance_rating

Type
enum
Category
optional
Description
Choices
SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT

compatibility_rating

Type
enum
Category
optional
Description
Choices
SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT

References

Tenant

Sub Objects