slb template server-ssl¶
Server Side SSL Template
server-ssl Specification¶
Type Collection Object Key(s) name Collection Name server-ssl-list Collection URI /axapi/v3/slb/template/server-ssl Element Name server-ssl Element URI /axapi/v3/slb/template/server-ssl/{name} Element Attributes server-ssl_attributes Schema server-ssl schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/slb/template/server-ssl | ||
Create List | POST | /axapi/v3/slb/template/server-ssl | ||
Get Object | GET | /axapi/v3/slb/template/server-ssl/{name} | ||
Get List | GET | /axapi/v3/slb/template/server-ssl | ||
Modify Object | POST | /axapi/v3/slb/template/server-ssl/{name} | ||
Replace Object | PUT | /axapi/v3/slb/template/server-ssl/{name} | ||
Replace List | PUT | /axapi/v3/slb/template/server-ssl | ||
Delete Object | DELETE | /axapi/v3/slb/template/server-ssl/{name} |
server-ssl-list¶
server-ssl-list is JSON List of server-ssl attributes
server-ssl-list : [
]
server-ssl attributes¶
alert-type
Description ‘fatal’: Log fatal alerts;
Type: string
Supported Values: fatal
ca-certs
Type: Listcert
Description Specify Client certificate (Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: cert and cert-shared-str are mutually exclusive
cert-shared-str
Description Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: cert-shared-str and cert are mutually exclusive
cipher-template
Description Cipher Template (Cipher Config Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: cipher-template cipher-wo-prio and shared-partition-cipher-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/cipher
cipher-without-prio-list
Type: Listclose-notify
Description Send close notification when terminate connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
crl-certs
Type: Listdgversion
Description Lower TLS/SSL version can be downgraded
Type: number
Range: 30-33
Default: 31
dh-short-key-action
Description ‘none’: no change; ‘prepend’: prepend dh key; ‘regenerate’: regenerate dh key;
Type: string
Supported Values: none, prepend, regenerate
Default: none
dh-type
Description ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048;
Type: string
Supported Values: 1024, 1024-dsa, 2048
ec-list
Type: Listenable-ssli-ftp-alg
Description Enable SSLi FTP over TLS support at which port
Type: number
Range: 1-65535
enable-tls-alert-logging
Description Enable TLS alert logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)forward-proxy-enable
Description Enable SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
handshake-logging-enable
Description Enable SSL handshake logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key
Description Client private-key (Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: key and key-shared-str are mutually exclusive
key-shared-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key-shared-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
key-shared-str
Description Key Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: key-shared-str and key are mutually exclusive
name
Description Server SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
ocsp-stapling
Description Enable ocsp-stapling support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
renegotiation-disable
Description Disable SSL renegotiation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-certificate-error
Type: Listsession-cache-size
Description Session Cache Size (Specify 0 to disable Session ID reuse.)
Type: number
Range: 0-128
Default: 0
session-cache-timeout
Description Session Cache Timeout (Timeout value, in seconds)
Type: number
Range: 1-7200
session-ticket-enable
Description Enable server side session ticket support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
shared-partition-cipher-template
Description Reference a cipher template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-cipher-template and cipher-template are mutually exclusive
ssli-logging
Description SSLi logging level, default is error logging only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sslilogging
Description ‘disable’: Disable all logging; ‘all’: enable all logging(error, info);
Type: string
Supported Values: disable, all
template-cipher-shared
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/cipher
use-client-sni
Description use client SNI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version
Description TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1 and 33-TLSv1.2)
Type: number
Range: 30-33
Default: 33
crl-certs¶
Specification Type list Block object keys crl
Description Certificate Revocation Lists (Certificate Revocation Lists file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
crl-partition-shared
Description Certificate Revocation Lists Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ec-list¶
Specification Type list Block object keys ec
Description ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;
Type: string
Supported Values: secp256r1, secp384r1
server-certificate-error¶
Specification Type list Block object keys error-type
Description ‘email’: Notify the error via email; ‘ignore’: Ignore the error, which mean the connection can continue; ‘logging’: Log the error; ‘trap’: Notify the error by SNMP trap;
Type: string
Supported Values: email, ignore, logging, trap
ca-certs¶
Specification Type list Block object keys ca-cert
Description Specify CA certificate
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
ca-cert-partition-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-ocsp-sg
Description Specify service-group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/service-group
server-ocsp-srvr
Description Specify authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/server/ocsp
cipher-without-prio-list¶
Specification Type list Block object keys cipher-wo-prio
Description ‘SSL3_RSA_DES_192_CBC3_SHA’: SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_RC4_128_MD5’: SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’: SSL3_RSA_RC4_128_SHA; ‘TLS1_RSA_AES_128_SHA’: TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’: TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_SHA256’: TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’: TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’: TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’: TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS1_RSA_AES_256_GCM_SHA384;
Type: string
Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256
Mutual Exclusion: cipher-wo-prio and cipher-template are mutually exclusive