slb template server-ssl¶

Server Side SSL Template

server-ssl Specification¶

Parameter Value

Type Collection

Object Key(s) name

Collection Name server-ssl-list

Collection URI /axapi/v3/slb/template/server-ssl

Element Name server-ssl

Element URI /axapi/v3/slb/template/server-ssl/{name}

Element Attributes server-ssl_attributes

Partition Visibility shared

Schema server-ssl schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/slb/template/server-ssl	server-ssl attributes
POST /axapi/v3/slb/template/server-ssl/ Payload: { "server-ssl": { "name": "a", "user-tag": "a" } }
Create List	POST	/axapi/v3/slb/template/server-ssl	server-ssl attributes
Get Object	GET	/axapi/v3/slb/template/server-ssl/{name}	server-ssl attributes
GET /axapi/v3/slb/template/server-ssl/a Reponse: { "server-ssl": { "name": "a", "enable-tls-alert-logging": 0, "handshake-logging-enable": 0, "close-notify": 0, "forward-proxy-enable": 0, "session-ticket-enable": 0, "version": 33, "dgversion": 31, "ssli-logging": 0, "ocsp-stapling": 0, "use-client-sni": 0, "renegotiation-disable": 0, "session-cache-size": 0, "early-data": 0, "uuid": "da80d4f8-507d-11ee-98ee-fbe362803b33", "user-tag": "a", "a10-url": "/axapi/v3/slb/template/server-ssl/a" } }
Get List	GET	/axapi/v3/slb/template/server-ssl	server-ssl-list
Modify Object	POST	/axapi/v3/slb/template/server-ssl/{name}	server-ssl attributes
Replace Object	PUT	/axapi/v3/slb/template/server-ssl/{name}	server-ssl attributes
PUT /axapi/v3/slb/template/server-ssl/a Payload: { "server-ssl": { "name": "a", "user-tag": "abcd" } }
Replace List	PUT	/axapi/v3/slb/template/server-ssl	server-ssl-list
Delete Object	DELETE	/axapi/v3/slb/template/server-ssl/{name}	server-ssl attributes
DELETE /axapi/v3/slb/template/server-ssl/a Reponse: { "response": { "http-status": 200, "status": "OK", "msg": "Success" } }

server-ssl-list¶

server-ssl-list is JSON List of server-ssl attributes

server-ssl-list : [

{ server-ssl attributes },

{ server-ssl attributes },

…

]

server-ssl attributes¶

alert-type

Description ‘fatal’: Log fatal alerts;

Type: string

Supported Values: fatal

ca-certs

Type: List

certificate

Description: certificate is a JSON Block. Please see below for certificate

Type: Object

Reference Object: /axapi/v3/slb/template/server-ssl/{name}/certificate

cipher-template

Description Cipher Template Name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: cipher-template, cipher-wo-prio, and shared-partition-cipher-template are mutually exclusive

Reference Object: /axapi/v3/slb/template/cipher

cipher-without-prio-list

Type: List

close-notify

Description Send close notification when terminate connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

crl-certs

Type: List

dgversion

Description Lower TLS/SSL version can be downgraded

Type: number

Range: 30-34

Default: 31

dh-type

Description ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048;

Type: string

Supported Values: 1024, 1024-dsa, 2048

early-data

Description Enable TLS 1.3 early data (0-RTT)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ec-list

Type: List

enable-ssli-ftp-alg

Description Enable SSLi FTP over TLS support at which port

Type: number

Range: 1-65535

enable-tls-alert-logging

Description Enable TLS alert logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-enable

Description Enable SSL forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

handshake-logging-enable

Description Enable SSL handshake logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description Server SSL Template Name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

ocsp-stapling

Description Enable ocsp-stapling support

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

renegotiation-disable

Description Disable SSL renegotiation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-certificate-error

Type: List

server-name

Description Specify Server Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

session-cache-size

Description Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))

Type: number

Range: 0-128

Default: 0

session-cache-timeout

Description Session Cache Timeout (Timeout value, in seconds. Default no timeout.)

Type: number

Range: 1-7200

session-ticket-enable

Description Enable server side session ticket support

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

shared-partition-cipher-template

Description Reference a cipher template from shared partition

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: shared-partition-cipher-template, cipher-wo-prio, and cipher-template are mutually exclusive

ssli-logging

Description SSLi logging level, default is error logging only

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sslilogging

Description ‘disable’: Disable all logging; ‘all’: enable all logging(error, info);

Type: string

Supported Values: disable, all

template-cipher-shared

Description Cipher Template Name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/slb/template/cipher

use-client-sni

Description use client SNI

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

version

Description TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)

Type: number

Range: 30-34

Default: 33

crl-certs¶

Specification Value

Type list

Block object keys

crl

Description Certificate Revocation Lists (Certificate Revocation Lists file name)

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

crl-partition-shared

Description Certificate Revocation Lists Partition Shared

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

certificate¶

Specification Value

Type object

cert

Description Certificate Name

Type: string

Format: string-rlx

Maximum Length: 245 characters

Maximum Length: 1 characters

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

key

Description Client private-key (Key Name)

Type: string

Format: string-rlx

Maximum Length: 245 characters

Maximum Length: 1 characters

passphrase

Description Password Phrase

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

shared

Description Client Certificate and Key Partition Shared

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ec-list¶

Specification Value

Type list

Block object keys

ec

Description ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;

Type: string

Supported Values: secp256r1, secp384r1

server-certificate-error¶

Specification Value

Type list

Block object keys

error-type

Description ‘email’: Notify the error via email; ‘ignore’: Ignore the error, which mean the connection can continue; ‘logging’: Log the error; ‘trap’: Notify the error by SNMP trap;

Type: string

Supported Values: email, ignore, logging, trap

ca-certs¶

Specification Value

Type list

Block object keys

ca-cert

Description Specify CA certificate

Type: string

Format: string-rlx

Maximum Length: 245 characters

Maximum Length: 1 characters

ca-cert-partition-shared

Description CA Certificate Partition Shared

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-ocsp-sg

Description Specify service-group (Service group name)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/service-group

server-ocsp-srvr

Description Specify authentication server

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/server/ocsp

cipher-without-prio-list¶

Specification Value

Type list

Block object keys

cipher-wo-prio

Description ‘SSL3_RSA_DES_192_CBC3_SHA’: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); ‘SSL3_RSA_RC4_128_MD5’: TLS_RSA_WITH_RC4_128_MD5 (0x0004); ‘SSL3_RSA_RC4_128_SHA’: TLS_RSA_WITH_RC4_128_SHA (0x0005); ‘TLS1_RSA_AES_128_SHA’: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); ‘TLS1_RSA_AES_256_SHA’: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); ‘TLS1_RSA_AES_128_SHA256’: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); ‘TLS1_RSA_AES_256_SHA256’: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); ‘TLS1_DHE_RSA_AES_128_SHA’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); ‘TLS1_DHE_RSA_AES_256_SHA’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); ‘TLS1_ECDHE_RSA_AES_256_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA);

Type: string

Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256

Mutual Exclusion: cipher-wo-prio, cipher-template, and shared-partition-cipher-template are mutually exclusive