slb template server-ssl¶
Server Side SSL Template
server-ssl Specification¶
Type Collection Object Key(s) name Collection Name server-ssl-list Collection URI /axapi/v3/slb/template/server-ssl Element Name server-ssl Element URI /axapi/v3/slb/template/server-ssl/{name} Element Attributes server-ssl_attributes Schema server-ssl schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/slb/template/server-ssl | ||
Create List | POST | /axapi/v3/slb/template/server-ssl | ||
Get Object | GET | /axapi/v3/slb/template/server-ssl/{name} | ||
Get List | GET | /axapi/v3/slb/template/server-ssl | ||
Modify Object | POST | /axapi/v3/slb/template/server-ssl/{name} | ||
Replace Object | PUT | /axapi/v3/slb/template/server-ssl/{name} | ||
Replace List | PUT | /axapi/v3/slb/template/server-ssl | ||
Delete Object | DELETE | /axapi/v3/slb/template/server-ssl/{name} |
server-ssl-list¶
server-ssl-list is JSON List of server-ssl attributes
server-ssl-list : [
]
server-ssl attributes¶
alert-type
Description ‘fatal’: Log fatal alerts;
Type: string
Supported Values: fatal
ca-certs
Type: Listcertificate
Description: certificate is a JSON Block. Please see below for certificate
Type: Object
Reference Object: /axapi/v3/slb/template/server-ssl/{name}/certificate
cipher-template
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: cipher-template cipher-wo-prio and shared-partition-cipher-template are mutually exclusive
Reference Object: /axapi/v3/slb/template/cipher
cipher-without-prio-list
Type: Listclose-notify
Description Send close notification when terminate connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
crl-certs
Type: Listdgversion
Description Lower TLS/SSL version can be downgraded
Type: number
Range: 30-34
Default: 31
dh-type
Description ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048;
Type: string
Supported Values: 1024, 1024-dsa, 2048
early-data
Description Enable TLS 1.3 early data (0-RTT)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ec-list
Type: Listenable-ssli-ftp-alg
Description Enable SSLi FTP over TLS support at which port
Type: number
Range: 1-65535
enable-tls-alert-logging
Description Enable TLS alert logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-enable
Description Enable SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
handshake-logging-enable
Description Enable SSL handshake logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Server SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
ocsp-stapling
Description Enable ocsp-stapling support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
renegotiation-disable
Description Disable SSL renegotiation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-certificate-error
Type: Listserver-name
Description Specify Server Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
session-cache-size
Description Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))
Type: number
Range: 0-128
Default: 0
session-cache-timeout
Description Session Cache Timeout (Timeout value, in seconds. Default no timeout.)
Type: number
Range: 1-7200
session-ticket-enable
Description Enable server side session ticket support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
shared-partition-cipher-template
Description Reference a cipher template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-cipher-template cipher-wo-prio and cipher-template are mutually exclusive
ssli-logging
Description SSLi logging level, default is error logging only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sslilogging
Description ‘disable’: Disable all logging; ‘all’: enable all logging(error, info);
Type: string
Supported Values: disable, all
template-cipher-shared
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/cipher
use-client-sni
Description use client SNI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version
Description TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 30-34
Default: 33
crl-certs¶
Specification Type list Block object keys crl
Description Certificate Revocation Lists (Certificate Revocation Lists file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
crl-partition-shared
Description Certificate Revocation Lists Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
certificate¶
Specification Type object cert
Description Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key
Description Client private-key (Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
shared
Description Client Certificate and Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ec-list¶
Specification Type list Block object keys ec
Description ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;
Type: string
Supported Values: secp256r1, secp384r1
server-certificate-error¶
Specification Type list Block object keys error-type
Description ‘email’: Notify the error via email; ‘ignore’: Ignore the error, which mean the connection can continue; ‘logging’: Log the error; ‘trap’: Notify the error by SNMP trap;
Type: string
Supported Values: email, ignore, logging, trap
ca-certs¶
Specification Type list Block object keys ca-cert
Description Specify CA certificate
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
ca-cert-partition-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-ocsp-sg
Description Specify service-group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/service-group
server-ocsp-srvr
Description Specify authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/server/ocsp
cipher-without-prio-list¶
Specification Type list Block object keys cipher-wo-prio
Description ‘SSL3_RSA_DES_192_CBC3_SHA’: SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_RC4_128_MD5’: SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’: SSL3_RSA_RC4_128_SHA; ‘TLS1_RSA_AES_128_SHA’: TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’: TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_SHA256’: TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’: TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’: TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’: TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS1_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA384’: TLS1_ECDHE_RSA_AES_256_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’: TLS1_ECDHE_ECDSA_AES_256_SHA384; ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’: TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256; ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’: TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256; ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’: TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256;
Type: string
Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256
Mutual Exclusion: cipher-wo-prio cipher-template and shared-partition-cipher-template are mutually exclusive