f5bigip.ltm.ProfileClientSsl
f5bigip.ltm.ProfileClientSsl
Manages client SSL profiles on a BIG-IP
Resources should be named with their “full path”. The full path is the combination of the partition + name (example: /Common/my-pool ) or partition + directory + name of the resource (example: /Common/test/my-pool )
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";
// Client SSL profile derived from the /Common/clientssl parent profile.
//
// Review notes on the two overrides:
// - authenticate "always": per the property description on this page, the client is
//   authenticated once per SSL session and again on each reuse of that session.
//   peerCertMode is not set here, so whether a client certificate is requested at all
//   is presumably taken from the parent profile. Confirm on the device.
// - ciphers "DEFAULT": the concrete suite list is decided by the BIG-IP software, not
//   by this program. Check what it expands to against your TLS policy.
const clientSslSettings = {
    name: "/Common/test-ClientSsl",
    defaultsFrom: "/Common/clientssl",
    authenticate: "always",
    ciphers: "DEFAULT",
};
const test_ClientSsl = new f5bigip.ltm.ProfileClientSsl("test-ClientSsl", clientSslSettings);
import pulumi
import pulumi_f5bigip as f5bigip
# Client SSL profile derived from the /Common/clientssl parent profile.
#
# Review notes on the two overrides:
# - authenticate "always": per the property description on this page, the client is
#   authenticated once per SSL session and again on each reuse of that session.
#   peer_cert_mode is not set here, so whether a client certificate is requested at
#   all is presumably taken from the parent profile. Confirm on the device.
# - ciphers "DEFAULT": the concrete suite list is decided by the BIG-IP software, not
#   by this program. Check what it expands to against your TLS policy.
client_ssl_settings = {
    "name": "/Common/test-ClientSsl",
    "defaults_from": "/Common/clientssl",
    "authenticate": "always",
    "ciphers": "DEFAULT",
}
test__client_ssl = f5bigip.ltm.ProfileClientSsl("test-ClientSsl", **client_ssl_settings)
package main
import (
"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip/ltm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
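// main registers one client SSL profile, derived from the /Common/clientssl parent
// profile, with the Pulumi engine.
//
// Review notes on the two overrides:
//   - Authenticate "always": per the property description on this page, the client is
//     authenticated once per SSL session and again on each reuse of that session.
//     PeerCertMode is not set here, so whether a client certificate is requested at
//     all is presumably taken from the parent profile. Confirm on the device.
//   - Ciphers "DEFAULT": the concrete suite list is decided by the BIG-IP software,
//     not by this program. Check what it expands to against your TLS policy.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The args literal must be passed by address. The listing had "&ltm." mangled
		// into "<m." (an HTML-entity decoding artefact), which does not compile.
		_, err := ltm.NewProfileClientSsl(ctx, "test-ClientSsl", &ltm.ProfileClientSslArgs{
			Name:         pulumi.String("/Common/test-ClientSsl"),
			DefaultsFrom: pulumi.String("/Common/clientssl"),
			Authenticate: pulumi.String("always"),
			Ciphers:      pulumi.String("DEFAULT"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}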
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using F5BigIP = Pulumi.F5BigIP;
// Client SSL profile derived from the /Common/clientssl parent profile.
//
// Review notes on the two overrides:
// - Authenticate "always": per the property description on this page, the client is
//   authenticated once per SSL session and again on each reuse of that session.
//   PeerCertMode is not set here, so whether a client certificate is requested at all
//   is presumably taken from the parent profile. Confirm on the device.
// - Ciphers "DEFAULT": the concrete suite list is decided by the BIG-IP software, not
//   by this program. Check what it expands to against your TLS policy.
return await Deployment.RunAsync(() =>
{
    var clientSslArgs = new F5BigIP.Ltm.ProfileClientSslArgs
    {
        Name = "/Common/test-ClientSsl",
        DefaultsFrom = "/Common/clientssl",
        Authenticate = "always",
        Ciphers = "DEFAULT",
    };

    var test_ClientSsl = new F5BigIP.Ltm.ProfileClientSsl("test-ClientSsl", clientSslArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.f5bigip.ltm.ProfileClientSsl;
import com.pulumi.f5bigip.ltm.ProfileClientSslArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one client SSL profile derived from the
 * /Common/clientssl parent profile.
 *
 * Review notes on the two overrides:
 * - authenticate "always": per the property description on this page, the client is
 *   authenticated once per SSL session and again on each reuse of that session.
 *   peerCertMode is not set here, so whether a client certificate is requested at all
 *   is presumably taken from the parent profile. Confirm on the device.
 * - ciphers "DEFAULT": the concrete suite list is decided by the BIG-IP software, not
 *   by this program. Check what it expands to against your TLS policy.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resources of this stack. */
    public static void stack(Context ctx) {
        final var profileArgs = ProfileClientSslArgs.builder()
            .name("/Common/test-ClientSsl")
            .defaultsFrom("/Common/clientssl")
            .authenticate("always")
            .ciphers("DEFAULT")
            .build();

        var test_ClientSsl = new ProfileClientSsl("test-ClientSsl", profileArgs);
    }
}
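# Client SSL profile derived from the /Common/clientssl parent profile.
# The nesting below was lost in the flattened listing; without it the keys are all
# top-level and no resource is declared.
resources:
  test-ClientSsl:
    type: f5bigip:ltm:ProfileClientSsl
    properties:
      name: /Common/test-ClientSsl
      defaultsFrom: /Common/clientssl
      # Per the property description on this page: authenticate once per SSL session
      # and again on each reuse of that session. peerCertMode is not set here, so
      # whether a client certificate is requested at all is presumably taken from the
      # parent profile. Confirm on the device.
      authenticate: always
      # The concrete suite list is decided by the BIG-IP software, not by this file.
      # Check what it expands to against your TLS policy.
      ciphers: DEFAULT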
Create ProfileClientSsl Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ProfileClientSsl(name: string, args: ProfileClientSslArgs, opts?: CustomResourceOptions);
@overload
def ProfileClientSsl(resource_name: str,
args: ProfileClientSslArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ProfileClientSsl(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
alert_timeout: Optional[str] = None,
allow_expired_crl: Optional[str] = None,
allow_non_ssl: Optional[str] = None,
authenticate: Optional[str] = None,
authenticate_depth: Optional[int] = None,
c3d_client_fallback_cert: Optional[str] = None,
c3d_drop_unknown_ocsp_status: Optional[str] = None,
c3d_ocsp: Optional[str] = None,
ca_file: Optional[str] = None,
cache_size: Optional[int] = None,
cache_timeout: Optional[int] = None,
cert: Optional[str] = None,
cert_extension_includes: Optional[Sequence[str]] = None,
cert_key_chain: Optional[ProfileClientSslCertKeyChainArgs] = None,
cert_life_span: Optional[int] = None,
cert_lookup_by_ipaddr_port: Optional[str] = None,
chain: Optional[str] = None,
cipher_group: Optional[str] = None,
ciphers: Optional[str] = None,
client_cert_ca: Optional[str] = None,
crl_file: Optional[str] = None,
defaults_from: Optional[str] = None,
forward_proxy_bypass_default_action: Optional[str] = None,
full_path: Optional[str] = None,
generation: Optional[int] = None,
generic_alert: Optional[str] = None,
handshake_timeout: Optional[str] = None,
inherit_cert_keychain: Optional[str] = None,
key: Optional[str] = None,
mod_ssl_methods: Optional[str] = None,
mode: Optional[str] = None,
ocsp_stapling: Optional[str] = None,
partition: Optional[str] = None,
passphrase: Optional[str] = None,
peer_cert_mode: Optional[str] = None,
proxy_ca_cert: Optional[str] = None,
proxy_ca_key: Optional[str] = None,
proxy_ca_passphrase: Optional[str] = None,
proxy_ssl: Optional[str] = None,
proxy_ssl_passthrough: Optional[str] = None,
renegotiate_period: Optional[str] = None,
renegotiate_size: Optional[str] = None,
renegotiation: Optional[str] = None,
retain_certificate: Optional[str] = None,
secure_renegotiation: Optional[str] = None,
server_name: Optional[str] = None,
session_mirroring: Optional[str] = None,
session_ticket: Optional[str] = None,
sni_default: Optional[str] = None,
sni_require: Optional[str] = None,
ssl_c3d: Optional[str] = None,
ssl_forward_proxy: Optional[str] = None,
ssl_forward_proxy_bypass: Optional[str] = None,
ssl_sign_hash: Optional[str] = None,
strict_resume: Optional[str] = None,
tm_options: Optional[Sequence[str]] = None,
unclean_shutdown: Optional[str] = None)
func NewProfileClientSsl(ctx *Context, name string, args ProfileClientSslArgs, opts ...ResourceOption) (*ProfileClientSsl, error)
public ProfileClientSsl(string name, ProfileClientSslArgs args, CustomResourceOptions? opts = null)
public ProfileClientSsl(String name, ProfileClientSslArgs args)
public ProfileClientSsl(String name, ProfileClientSslArgs args, CustomResourceOptions options)
type: f5bigip:ltm:ProfileClientSsl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProfileClientSslArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProfileClientSslArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProfileClientSslArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProfileClientSslArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProfileClientSslArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing only: every input is shown with a placeholder value ("string", 0).
// It enumerates the accepted property names and is not a deployable configuration.
var profileClientSslResource = new F5BigIP.Ltm.ProfileClientSsl("profileClientSslResource", new()
{
    Name = "string",
    AlertTimeout = "string",
    AllowExpiredCrl = "string",
    AllowNonSsl = "string",
    Authenticate = "string",
    AuthenticateDepth = 0,
    C3dClientFallbackCert = "string",
    C3dDropUnknownOcspStatus = "string",
    C3dOcsp = "string",
    CaFile = "string",
    CacheSize = 0,
    CacheTimeout = 0,
    Cert = "string",
    CertExtensionIncludes = new[]
    {
        "string",
    },
    CertLifeSpan = 0,
    CertLookupByIpaddrPort = "string",
    Chain = "string",
    // CipherGroup and Ciphers are documented on this page as mutually exclusive;
    // a real program sets only one of them.
    CipherGroup = "string",
    Ciphers = "string",
    ClientCertCa = "string",
    CrlFile = "string",
    DefaultsFrom = "string",
    ForwardProxyBypassDefaultAction = "string",
    FullPath = "string",
    Generation = 0,
    GenericAlert = "string",
    HandshakeTimeout = "string",
    InheritCertKeychain = "string",
    Key = "string",
    ModSslMethods = "string",
    Mode = "string",
    OcspStapling = "string",
    Partition = "string",
    // Credential (C3D CA passphrase): supply it from secret configuration,
    // not as a literal in program source.
    Passphrase = "string",
    PeerCertMode = "string",
    ProxyCaCert = "string",
    ProxyCaKey = "string",
    // Credential (proxy CA passphrase): supply it from secret configuration,
    // not as a literal in program source.
    ProxyCaPassphrase = "string",
    ProxySsl = "string",
    ProxySslPassthrough = "string",
    RenegotiatePeriod = "string",
    RenegotiateSize = "string",
    Renegotiation = "string",
    RetainCertificate = "string",
    SecureRenegotiation = "string",
    ServerName = "string",
    SessionMirroring = "string",
    SessionTicket = "string",
    SniDefault = "string",
    SniRequire = "string",
    SslC3d = "string",
    SslForwardProxy = "string",
    SslForwardProxyBypass = "string",
    SslSignHash = "string",
    StrictResume = "string",
    TmOptions = new[]
    {
        "string",
    },
    UncleanShutdown = "string",
});
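// Reference listing only: every input is shown with a placeholder value ("string", 0).
// It enumerates the accepted property names and is not a deployable configuration.
// The snippet is an excerpt; ctx comes from the enclosing pulumi.Run callback.
//
// The args literal must be passed by address. The listing had "&ltm." mangled into
// "<m." (an HTML-entity decoding artefact), which does not compile.
example, err := ltm.NewProfileClientSsl(ctx, "profileClientSslResource", &ltm.ProfileClientSslArgs{
	Name:                     pulumi.String("string"),
	AlertTimeout:             pulumi.String("string"),
	AllowExpiredCrl:          pulumi.String("string"),
	AllowNonSsl:              pulumi.String("string"),
	Authenticate:             pulumi.String("string"),
	AuthenticateDepth:        pulumi.Int(0),
	C3dClientFallbackCert:    pulumi.String("string"),
	C3dDropUnknownOcspStatus: pulumi.String("string"),
	C3dOcsp:                  pulumi.String("string"),
	CaFile:                   pulumi.String("string"),
	CacheSize:                pulumi.Int(0),
	CacheTimeout:             pulumi.Int(0),
	Cert:                     pulumi.String("string"),
	CertExtensionIncludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	CertLifeSpan:           pulumi.Int(0),
	CertLookupByIpaddrPort: pulumi.String("string"),
	Chain:                  pulumi.String("string"),
	// CipherGroup and Ciphers are documented on this page as mutually exclusive;
	// a real program sets only one of them.
	CipherGroup:                     pulumi.String("string"),
	Ciphers:                         pulumi.String("string"),
	ClientCertCa:                    pulumi.String("string"),
	CrlFile:                         pulumi.String("string"),
	DefaultsFrom:                    pulumi.String("string"),
	ForwardProxyBypassDefaultAction: pulumi.String("string"),
	FullPath:                        pulumi.String("string"),
	Generation:                      pulumi.Int(0),
	GenericAlert:                    pulumi.String("string"),
	HandshakeTimeout:                pulumi.String("string"),
	InheritCertKeychain:             pulumi.String("string"),
	Key:                             pulumi.String("string"),
	ModSslMethods:                   pulumi.String("string"),
	Mode:                            pulumi.String("string"),
	OcspStapling:                    pulumi.String("string"),
	Partition:                       pulumi.String("string"),
	// Credential (C3D CA passphrase): supply it from secret configuration,
	// not as a literal in program source.
	Passphrase:   pulumi.String("string"),
	PeerCertMode: pulumi.String("string"),
	ProxyCaCert:  pulumi.String("string"),
	ProxyCaKey:   pulumi.String("string"),
	// Credential (proxy CA passphrase): supply it from secret configuration,
	// not as a literal in program source.
	ProxyCaPassphrase:     pulumi.String("string"),
	ProxySsl:              pulumi.String("string"),
	ProxySslPassthrough:   pulumi.String("string"),
	RenegotiatePeriod:     pulumi.String("string"),
	RenegotiateSize:       pulumi.String("string"),
	Renegotiation:         pulumi.String("string"),
	RetainCertificate:     pulumi.String("string"),
	SecureRenegotiation:   pulumi.String("string"),
	ServerName:            pulumi.String("string"),
	SessionMirroring:      pulumi.String("string"),
	SessionTicket:         pulumi.String("string"),
	SniDefault:            pulumi.String("string"),
	SniRequire:            pulumi.String("string"),
	SslC3d:                pulumi.String("string"),
	SslForwardProxy:       pulumi.String("string"),
	SslForwardProxyBypass: pulumi.String("string"),
	SslSignHash:           pulumi.String("string"),
	StrictResume:          pulumi.String("string"),
	TmOptions: pulumi.StringArray{
		pulumi.String("string"),
	},
	UncleanShutdown: pulumi.String("string"),
})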
// Reference listing only: every input is shown with a placeholder value ("string", 0).
// It enumerates the accepted property names and is not a deployable configuration.
var profileClientSslResource = new ProfileClientSsl("profileClientSslResource", ProfileClientSslArgs.builder()
    .name("string")
    .alertTimeout("string")
    .allowExpiredCrl("string")
    .allowNonSsl("string")
    .authenticate("string")
    .authenticateDepth(0)
    .c3dClientFallbackCert("string")
    .c3dDropUnknownOcspStatus("string")
    .c3dOcsp("string")
    .caFile("string")
    .cacheSize(0)
    .cacheTimeout(0)
    .cert("string")
    .certExtensionIncludes("string")
    .certLifeSpan(0)
    .certLookupByIpaddrPort("string")
    .chain("string")
    // cipherGroup and ciphers are documented on this page as mutually exclusive;
    // a real program sets only one of them.
    .cipherGroup("string")
    .ciphers("string")
    .clientCertCa("string")
    .crlFile("string")
    .defaultsFrom("string")
    .forwardProxyBypassDefaultAction("string")
    .fullPath("string")
    .generation(0)
    .genericAlert("string")
    .handshakeTimeout("string")
    .inheritCertKeychain("string")
    .key("string")
    .modSslMethods("string")
    .mode("string")
    .ocspStapling("string")
    .partition("string")
    // Credential (C3D CA passphrase): supply it from secret configuration,
    // not as a literal in program source.
    .passphrase("string")
    .peerCertMode("string")
    .proxyCaCert("string")
    .proxyCaKey("string")
    // Credential (proxy CA passphrase): supply it from secret configuration,
    // not as a literal in program source.
    .proxyCaPassphrase("string")
    .proxySsl("string")
    .proxySslPassthrough("string")
    .renegotiatePeriod("string")
    .renegotiateSize("string")
    .renegotiation("string")
    .retainCertificate("string")
    .secureRenegotiation("string")
    .serverName("string")
    .sessionMirroring("string")
    .sessionTicket("string")
    .sniDefault("string")
    .sniRequire("string")
    .sslC3d("string")
    .sslForwardProxy("string")
    .sslForwardProxyBypass("string")
    .sslSignHash("string")
    .strictResume("string")
    .tmOptions("string")
    .uncleanShutdown("string")
    .build());
# Reference listing only: every input is shown with a placeholder value ("string", 0).
# It enumerates the accepted property names and is not a deployable configuration.
profile_client_ssl_resource = f5bigip.ltm.ProfileClientSsl("profileClientSslResource",
    name="string",
    alert_timeout="string",
    allow_expired_crl="string",
    allow_non_ssl="string",
    authenticate="string",
    authenticate_depth=0,
    c3d_client_fallback_cert="string",
    c3d_drop_unknown_ocsp_status="string",
    c3d_ocsp="string",
    ca_file="string",
    cache_size=0,
    cache_timeout=0,
    cert="string",
    cert_extension_includes=["string"],
    cert_life_span=0,
    cert_lookup_by_ipaddr_port="string",
    chain="string",
    # cipher_group and ciphers are documented on this page as mutually exclusive;
    # a real program sets only one of them.
    cipher_group="string",
    ciphers="string",
    client_cert_ca="string",
    crl_file="string",
    defaults_from="string",
    forward_proxy_bypass_default_action="string",
    full_path="string",
    generation=0,
    generic_alert="string",
    handshake_timeout="string",
    inherit_cert_keychain="string",
    key="string",
    mod_ssl_methods="string",
    mode="string",
    ocsp_stapling="string",
    partition="string",
    # Credential (C3D CA passphrase): supply it from secret configuration,
    # not as a literal in program source.
    passphrase="string",
    peer_cert_mode="string",
    proxy_ca_cert="string",
    proxy_ca_key="string",
    # Credential (proxy CA passphrase): supply it from secret configuration,
    # not as a literal in program source.
    proxy_ca_passphrase="string",
    proxy_ssl="string",
    proxy_ssl_passthrough="string",
    renegotiate_period="string",
    renegotiate_size="string",
    renegotiation="string",
    retain_certificate="string",
    secure_renegotiation="string",
    server_name="string",
    session_mirroring="string",
    session_ticket="string",
    sni_default="string",
    sni_require="string",
    ssl_c3d="string",
    ssl_forward_proxy="string",
    ssl_forward_proxy_bypass="string",
    ssl_sign_hash="string",
    strict_resume="string",
    tm_options=["string"],
    unclean_shutdown="string")
// Reference listing only: every input is shown with a placeholder value ("string", 0).
// It enumerates the accepted property names and is not a deployable configuration.
const profileClientSslResource = new f5bigip.ltm.ProfileClientSsl("profileClientSslResource", {
    name: "string",
    alertTimeout: "string",
    allowExpiredCrl: "string",
    allowNonSsl: "string",
    authenticate: "string",
    authenticateDepth: 0,
    c3dClientFallbackCert: "string",
    c3dDropUnknownOcspStatus: "string",
    c3dOcsp: "string",
    caFile: "string",
    cacheSize: 0,
    cacheTimeout: 0,
    cert: "string",
    certExtensionIncludes: ["string"],
    certLifeSpan: 0,
    certLookupByIpaddrPort: "string",
    chain: "string",
    // cipherGroup and ciphers are documented on this page as mutually exclusive;
    // a real program sets only one of them.
    cipherGroup: "string",
    ciphers: "string",
    clientCertCa: "string",
    crlFile: "string",
    defaultsFrom: "string",
    forwardProxyBypassDefaultAction: "string",
    fullPath: "string",
    generation: 0,
    genericAlert: "string",
    handshakeTimeout: "string",
    inheritCertKeychain: "string",
    key: "string",
    modSslMethods: "string",
    mode: "string",
    ocspStapling: "string",
    partition: "string",
    // Credential (C3D CA passphrase): supply it from secret configuration,
    // not as a literal in program source.
    passphrase: "string",
    peerCertMode: "string",
    proxyCaCert: "string",
    proxyCaKey: "string",
    // Credential (proxy CA passphrase): supply it from secret configuration,
    // not as a literal in program source.
    proxyCaPassphrase: "string",
    proxySsl: "string",
    proxySslPassthrough: "string",
    renegotiatePeriod: "string",
    renegotiateSize: "string",
    renegotiation: "string",
    retainCertificate: "string",
    secureRenegotiation: "string",
    serverName: "string",
    sessionMirroring: "string",
    sessionTicket: "string",
    sniDefault: "string",
    sniRequire: "string",
    sslC3d: "string",
    sslForwardProxy: "string",
    sslForwardProxyBypass: "string",
    sslSignHash: "string",
    strictResume: "string",
    tmOptions: ["string"],
    uncleanShutdown: "string",
});
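# Reference listing only: every input is shown with a placeholder value (string, 0).
# It enumerates the accepted property names and is not a deployable configuration.
# The nesting under `properties:` was lost in the flattened listing and is restored here.
type: f5bigip:ltm:ProfileClientSsl
properties:
  alertTimeout: string
  allowExpiredCrl: string
  allowNonSsl: string
  authenticate: string
  authenticateDepth: 0
  c3dClientFallbackCert: string
  c3dDropUnknownOcspStatus: string
  c3dOcsp: string
  caFile: string
  cacheSize: 0
  cacheTimeout: 0
  cert: string
  certExtensionIncludes:
    - string
  certLifeSpan: 0
  certLookupByIpaddrPort: string
  chain: string
  # cipherGroup and ciphers are documented on this page as mutually exclusive;
  # a real program sets only one of them.
  cipherGroup: string
  ciphers: string
  clientCertCa: string
  crlFile: string
  defaultsFrom: string
  forwardProxyBypassDefaultAction: string
  fullPath: string
  generation: 0
  genericAlert: string
  handshakeTimeout: string
  inheritCertKeychain: string
  key: string
  modSslMethods: string
  mode: string
  name: string
  ocspStapling: string
  partition: string
  # Credential (C3D CA passphrase): supply it from secret configuration,
  # not as a literal in this file.
  passphrase: string
  peerCertMode: string
  proxyCaCert: string
  proxyCaKey: string
  # Credential (proxy CA passphrase): supply it from secret configuration,
  # not as a literal in this file.
  proxyCaPassphrase: string
  proxySsl: string
  proxySslPassthrough: string
  renegotiatePeriod: string
  renegotiateSize: string
  renegotiation: string
  retainCertificate: string
  secureRenegotiation: string
  serverName: string
  sessionMirroring: string
  sessionTicket: string
  sniDefault: string
  sniRequire: string
  sslC3d: string
  sslForwardProxy: string
  sslForwardProxyBypass: string
  sslSignHash: string
  strictResume: string
  tmOptions:
    - string
  uncleanShutdown: string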
ProfileClientSsl Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ProfileClientSsl resource accepts the following input properties:
- Name string
- Specifies the name of the profile. The name should be the full path, which is the combination of the partition + profile name, for example `/Common/test-clientssl-profile`.
- AlertTimeout string
- Alert time out
- AllowExpiredCrl string
- Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`.
- AllowNonSsl string
- Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
- Authenticate string
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- AuthenticateDepth int
- Specifies the maximum number of certificates to be traversed in a client certificate chain
- C3dClientFallbackCert string
- Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if the client does not provide a cert during the SSL handshake. The default value is none.
- C3dDropUnknownOcspStatus string
- Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
- C3dOcsp string
- Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- Ca
File string - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - Cache
Size int - Cache size (sessions).
- Cache
Timeout int - Cache time out
- Cert string
- Specifies a cert name for use.
- Cert
Extension List<string>Includes - Cert extension includes for ssl forward proxy
- Cert
Key Pulumi.Chain F5Big IP. Ltm. Inputs. Profile Client Ssl Cert Key Chain - Cert
Life intSpan - Life span of the certificate in days for ssl forward proxy
- Cert
Lookup stringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- Chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- CipherGroup string
- Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument `ciphers`. The default value is `none`.
- Ciphers string
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- ClientCertCa string
- (Advertised Certificate Authorities) Specifies that the CAs that the system advertises to clients are trusted by the profile. The default is `None`.
- CrlFile string
- Specifies the name of a file containing a list of revoked client certificates. The default is `None`.
- DefaultsFrom string
- Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be the full path, `/partition/profile_name`.
- Forward
Proxy stringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- Full
Path string - full path of the profile
- Generation int
- generation
- Generic
Alert string - Generic alerts enabled / disabled.
- Handshake
Timeout string - Handshake time out (seconds)
- Inherit
Cert stringKeychain - Inherit cert key chain
- Key string
- Contains a key name
- Mod
Ssl stringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
- ModSSL Methods enabled / disabled. Default is disabled.
- Ocsp
Stapling string - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - Partition string
- name of partition
- Passphrase string
- Client Certificate Constrained Delegation CA passphrase
- PeerCertMode string
- Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
- Proxy
Ca stringCert - Proxy CA Cert
- Proxy
Ca stringKey - Proxy CA Key
- Proxy
Ca stringPassphrase - Proxy CA Passphrase
- Proxy
Ssl string - Proxy SSL enabled / disabled. Default is disabled.
- Proxy
Ssl stringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- RenegotiatePeriod string
- Renegotiate Period (seconds)
- RenegotiateSize string
- Renegotiate Size
- Renegotiation string
- Enables or disables SSL renegotiation. When creating a new profile, the setting is provided by the parent profile.
- RetainCertificate string
- When `true`, client certificate is retained in SSL session.
- SecureRenegotiation string
- Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
- ServerName string
- Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk `*` character.
- SessionMirroring string
- Session Mirroring (enabled / disabled)
- Session
Ticket string - Session Ticket (enabled / disabled)
- SniDefault string
- Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support. When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- SniRequire string
- Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- SslC3d string
- Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- Ssl
Forward stringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- Ssl
Forward stringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- Ssl
Sign stringHash - SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- TmOptions List<string>
- List of enabled selections from a set of industry standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`
- UncleanShutdown string
- Unclean Shutdown (enabled / disabled)
- Name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - Alert
Timeout string - Alert time out
- Allow
Expired stringCrl - Instructs the system to use the specified CRL file even if it has expired. The default is
disabled
. - Allow
Non stringSsl - Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
- Authenticate string
- Specifies the frequency of client authentication for an SSL session.When
once
,specifies that the system authenticates the client once for an SSL session. Whenalways
, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session. - Authenticate
Depth int - Specifies the maximum number of certificates to be traversed in a client certificate chain
- C3dClientFallbackCert string
- Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if the client does not provide a cert during the SSL handshake. The default value is none.
- C3dDropUnknownOcspStatus string
- Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
- C3dOcsp string
- Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- Ca
File string - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - Cache
Size int - Cache size (sessions).
- Cache
Timeout int - Cache time out
- Cert string
- Specifies a cert name for use.
- Cert
Extension []stringIncludes - Cert extension includes for ssl forward proxy
- Cert
Key ProfileChain Client Ssl Cert Key Chain Args - Cert
Life intSpan - Life span of the certificate in days for ssl forward proxy
- Cert
Lookup stringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- Chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- Cipher
Group string - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - Ciphers string
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- Client
Cert stringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - Crl
File string - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - Defaults
From string - Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is
/Common/clientssl
. It Should Full path/partition/profile_name
- Forward
Proxy stringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- Full
Path string - full path of the profile
- Generation int
- generation
- Generic
Alert string - Generic alerts enabled / disabled.
- Handshake
Timeout string - Handshake time out (seconds)
- Inherit
Cert stringKeychain - Inherit cert key chain
- Key string
- Contains a key name
- Mod
Ssl stringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
- ModSSL Methods enabled / disabled. Default is disabled.
- Ocsp
Stapling string - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - Partition string
- name of partition
- Passphrase string
- Client Certificate Constrained Delegation CA passphrase
- PeerCertMode string
- Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
- Proxy
Ca stringCert - Proxy CA Cert
- Proxy
Ca stringKey - Proxy CA Key
- Proxy
Ca stringPassphrase - Proxy CA Passphrase
- Proxy
Ssl string - Proxy SSL enabled / disabled. Default is disabled.
- Proxy
Ssl stringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- RenegotiatePeriod string
- Renegotiate Period (seconds)
- RenegotiateSize string
- Renegotiate Size
- Renegotiation string
- Enables or disables SSL renegotiation. When creating a new profile, the setting is provided by the parent profile.
- RetainCertificate string
- When `true`, client certificate is retained in SSL session.
- SecureRenegotiation string
- Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
- ServerName string
- Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk `*` character.
- SessionMirroring string
- Session Mirroring (enabled / disabled)
- Session
Ticket string - Session Ticket (enabled / disabled)
- Sni
Default string - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- Sni
Require string - Requires that the network peers also provide SNI support, this setting only takes effect when
sni_default
is set totrue
.When creating a new profile, the setting is provided by the parent profile - Ssl
C3d string - Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- Ssl
Forward stringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- Ssl
Forward stringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- Ssl
Sign stringHash - SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- Tm
Options []string - List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options.
Usage
: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"] - Unclean
Shutdown string - Unclean Shutdown (enabled / disabled)
- name String
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - alert
Timeout String - Alert time out
- allowExpiredCrl String
- Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL cannot reflect revocations made after its last update.
- allowNonSsl String
- Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
- authenticate String
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- authenticateDepth Integer
- Specifies the maximum number of certificates to be traversed in a client certificate chain.
- c3d
Client StringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3dDropUnknownOcspStatus String
- Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue; with ignore, a client whose revocation status could not be determined is allowed through.
- c3d
Ocsp String - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca
File String - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache
Size Integer - Cache size (sessions).
- cache
Timeout Integer - Cache time out
- cert String
- Specifies a cert name for use.
- cert
Extension List<String>Includes - Cert extension includes for ssl forward proxy
- cert
Key ProfileChain Client Ssl Cert Key Chain - cert
Life IntegerSpan - Life span of the certificate in days for ssl forward proxy
- cert
Lookup StringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- chain String
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher
Group String - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - ciphers String
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client
Cert StringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl
File String - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults
From String - Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is
/Common/clientssl
. It Should Full path/partition/profile_name
- forward
Proxy StringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- full
Path String - full path of the profile
- generation Integer
- generation
- generic
Alert String - Generic alerts enabled / disabled.
- handshake
Timeout String - Handshake time out (seconds)
- inherit
Cert StringKeychain - Inherit cert key chain
- key String
- Contains a key name
- mod
Ssl StringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode String
- ModSSL Methods enabled / disabled. Default is disabled.
- ocsp
Stapling String - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition String
- name of partition
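- passphrase String
- Client Certificate Constrained Delegation CA passphrase. Treat this value as a secret (for example, supply it as a Pulumi secret) so it is not stored in plaintext in stack state or source control.
- peerCertMode String
- Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client (that is, the connection is accepted whether or not a valid certificate is presented; use `require` to enforce client certificates).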
- proxy
Ca StringCert - Proxy CA Cert
- proxy
Ca StringKey - Proxy CA Key
- proxy
Ca StringPassphrase - Proxy CA Passphrase
- proxy
Ssl String - Proxy SSL enabled / disabled. Default is disabled.
- proxy
Ssl StringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiatePeriod String
- Renegotiate Period (seconds)
- renegotiateSize String
- Renegotiate Size
- renegotiation String
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retainCertificate String
- When `true`, client certificate is retained in SSL session.
- secureRenegotiation String
- Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
- serverName String
- Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk (`*`) character.
- sessionMirroring String
- Session Mirroring (enabled / disabled)
- session
Ticket String - Session Ticket (enabled / disabled)
- sni
Default String - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sniRequire String
- Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- sslC3d String
- Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl
Forward StringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl
Forward StringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
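- sslSignHash String
- SSL sign hash (any, sha1, sha256, sha384). SHA-1 is deprecated for digital signatures; prefer `sha256` or `sha384` unless legacy clients require otherwise.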
- strict
Resume String - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tmOptions List<String>
- List of enabled selections from a set of industry-standard options for handling SSL processing. By default, `Don't insert empty fragments` and `No TLSv1.3` are listed as enabled options. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`. Note that the default list includes `no-tlsv1.3`, which turns TLS 1.3 off for the profile; leave it out of the list if TLS 1.3 should be offered.
- uncleanShutdown String
- Unclean Shutdown (enabled / disabled)
- name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - alert
Timeout string - Alert time out
- allowExpiredCrl string
- Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL cannot reflect revocations made after its last update.
- allowNonSsl string
- Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
- authenticate string
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- authenticateDepth number
- Specifies the maximum number of certificates to be traversed in a client certificate chain.
- c3d
Client stringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3dDropUnknownOcspStatus string
- Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue; with ignore, a client whose revocation status could not be determined is allowed through.
- c3d
Ocsp string - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca
File string - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache
Size number - Cache size (sessions).
- cache
Timeout number - Cache time out
- cert string
- Specifies a cert name for use.
- cert
Extension string[]Includes - Cert extension includes for ssl forward proxy
- cert
Key ProfileChain Client Ssl Cert Key Chain - cert
Life numberSpan - Life span of the certificate in days for ssl forward proxy
- cert
Lookup stringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher
Group string - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - ciphers string
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client
Cert stringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl
File string - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults
From string - Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is
/Common/clientssl
. It Should Full path/partition/profile_name
- forward
Proxy stringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- full
Path string - full path of the profile
- generation number
- generation
- generic
Alert string - Generic alerts enabled / disabled.
- handshake
Timeout string - Handshake time out (seconds)
- inherit
Cert stringKeychain - Inherit cert key chain
- key string
- Contains a key name
- mod
Ssl stringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode string
- ModSSL Methods enabled / disabled. Default is disabled.
- ocsp
Stapling string - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition string
- name of partition
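- passphrase string
- Client Certificate Constrained Delegation CA passphrase. Treat this value as a secret (for example, supply it as a Pulumi secret) so it is not stored in plaintext in stack state or source control.
- peerCertMode string
- Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client (that is, the connection is accepted whether or not a valid certificate is presented; use `require` to enforce client certificates).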
- proxy
Ca stringCert - Proxy CA Cert
- proxy
Ca stringKey - Proxy CA Key
- proxy
Ca stringPassphrase - Proxy CA Passphrase
- proxy
Ssl string - Proxy SSL enabled / disabled. Default is disabled.
- proxy
Ssl stringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiatePeriod string
- Renegotiate Period (seconds)
- renegotiateSize string
- Renegotiate Size
- renegotiation string
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retainCertificate string
- When `true`, client certificate is retained in SSL session.
- secureRenegotiation string
- Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
- serverName string
- Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk (`*`) character.
- sessionMirroring string
- Session Mirroring (enabled / disabled)
- session
Ticket string - Session Ticket (enabled / disabled)
- sni
Default string - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sniRequire string
- Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- sslC3d string
- Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl
Forward stringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl
Forward stringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
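- sslSignHash string
- SSL sign hash (any, sha1, sha256, sha384). SHA-1 is deprecated for digital signatures; prefer `sha256` or `sha384` unless legacy clients require otherwise.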
- strict
Resume string - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tmOptions string[]
- List of enabled selections from a set of industry-standard options for handling SSL processing. By default, `Don't insert empty fragments` and `No TLSv1.3` are listed as enabled options. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`. Note that the default list includes `no-tlsv1.3`, which turns TLS 1.3 off for the profile; leave it out of the list if TLS 1.3 should be offered.
- uncleanShutdown string
- Unclean Shutdown (enabled / disabled)
- name str
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - alert_
timeout str - Alert time out
- allow_expired_crl str
- Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL cannot reflect revocations made after its last update.
- allow_non_ssl str
- Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
- authenticate str
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- authenticate_depth int
- Specifies the maximum number of certificates to be traversed in a client certificate chain.
- c3d_
client_ strfallback_ cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3d_drop_unknown_ocsp_status str
- Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue; with ignore, a client whose revocation status could not be determined is allowed through.
- c3d_
ocsp str - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca_
file str - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache_
size int - Cache size (sessions).
- cache_
timeout int - Cache time out
- cert str
- Specifies a cert name for use.
- cert_
extension_ Sequence[str]includes - Cert extension includes for ssl forward proxy
- cert_
key_ Profilechain Client Ssl Cert Key Chain Args - cert_
life_ intspan - Life span of the certificate in days for ssl forward proxy
- cert_
lookup_ strby_ ipaddr_ port - Cert lookup by ip address and port enabled / disabled
- chain str
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher_
group str - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - ciphers str
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client_
cert_ strca - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl_
file str - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults_
from str - Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is
/Common/clientssl
. It Should Full path/partition/profile_name
- forward_
proxy_ strbypass_ default_ action - Forward proxy bypass default action. (enabled / disabled)
- full_
path str - full path of the profile
- generation int
- generation
- generic_
alert str - Generic alerts enabled / disabled.
- handshake_
timeout str - Handshake time out (seconds)
- inherit_
cert_ strkeychain - Inherit cert key chain
- key str
- Contains a key name
- mod_
ssl_ strmethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode str
- ModSSL Methods enabled / disabled. Default is disabled.
- ocsp_
stapling str - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition str
- name of partition
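- passphrase str
- Client Certificate Constrained Delegation CA passphrase. Treat this value as a secret (for example, supply it as a Pulumi secret) so it is not stored in plaintext in stack state or source control.
- peer_cert_mode str
- Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client (that is, the connection is accepted whether or not a valid certificate is presented; use `require` to enforce client certificates).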
- proxy_
ca_ strcert - Proxy CA Cert
- proxy_
ca_ strkey - Proxy CA Key
- proxy_
ca_ strpassphrase - Proxy CA Passphrase
- proxy_
ssl str - Proxy SSL enabled / disabled. Default is disabled.
- proxy_
ssl_ strpassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiate_period str
- Renegotiate Period (seconds)
- renegotiate_size str
- Renegotiate Size
- renegotiation str
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain_certificate str
- When `true`, client certificate is retained in SSL session.
- secure_renegotiation str
- Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
- server_name str
- Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk (`*`) character.
- session_mirroring str
- Session Mirroring (enabled / disabled)
- session_
ticket str - Session Ticket (enabled / disabled)
- sni_
default str - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni_require str
- Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- ssl_c3d str
- Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl_
forward_ strproxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl_
forward_ strproxy_ bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
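- ssl_sign_hash str
- SSL sign hash (any, sha1, sha256, sha384). SHA-1 is deprecated for digital signatures; prefer `sha256` or `sha384` unless legacy clients require otherwise.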
- strict_
resume str - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm_options Sequence[str]
- List of enabled selections from a set of industry-standard options for handling SSL processing. By default, `Don't insert empty fragments` and `No TLSv1.3` are listed as enabled options. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`. Note that the default list includes `no-tlsv1.3`, which turns TLS 1.3 off for the profile; leave it out of the list if TLS 1.3 should be offered.
- unclean_shutdown str
- Unclean Shutdown (enabled / disabled)
- name String
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - alert
Timeout String - Alert time out
- allowExpiredCrl String
- Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL cannot reflect revocations made after its last update.
- allowNonSsl String
- Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
- authenticate String
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- authenticateDepth Number
- Specifies the maximum number of certificates to be traversed in a client certificate chain.
- c3d
Client StringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3dDropUnknownOcspStatus String
- Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue; with ignore, a client whose revocation status could not be determined is allowed through.
- c3d
Ocsp String - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca
File String - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache
Size Number - Cache size (sessions).
- cache
Timeout Number - Cache time out
- cert String
- Specifies a cert name for use.
- cert
Extension List<String>Includes - Cert extension includes for ssl forward proxy
- cert
Key Property MapChain - cert
Life NumberSpan - Life span of the certificate in days for ssl forward proxy
- cert
Lookup StringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- chain String
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher
Group String - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - ciphers String
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client
Cert StringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl
File String - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults
From String - Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is
/Common/clientssl
. It Should Full path/partition/profile_name
- forward
Proxy StringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- full
Path String - full path of the profile
- generation Number
- generation
- generic
Alert String - Generic alerts enabled / disabled.
- handshake
Timeout String - Handshake time out (seconds)
- inherit
Cert StringKeychain - Inherit cert key chain
- key String
- Contains a key name
- mod
Ssl StringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode String
- ModSSL Methods enabled / disabled. Default is disabled.
- ocsp
Stapling String - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition String
- name of partition
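- passphrase String
- Client Certificate Constrained Delegation CA passphrase. Treat this value as a secret (for example, supply it as a Pulumi secret) so it is not stored in plaintext in stack state or source control.
- peerCertMode String
- Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client (that is, the connection is accepted whether or not a valid certificate is presented; use `require` to enforce client certificates).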
- proxy
Ca StringCert - Proxy CA Cert
- proxy
Ca StringKey - Proxy CA Key
- proxy
Ca StringPassphrase - Proxy CA Passphrase
- proxy
Ssl String - Proxy SSL enabled / disabled. Default is disabled.
- proxy
Ssl StringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiatePeriod String
- Renegotiate Period (seconds)
- renegotiateSize String
- Renegotiate Size
- renegotiation String
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retainCertificate String
- When `true`, client certificate is retained in SSL session.
- secureRenegotiation String
- Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
- serverName String
- Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk (`*`) character.
- sessionMirroring String
- Session Mirroring (enabled / disabled)
- session
Ticket String - Session Ticket (enabled / disabled)
- sni
Default String - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sniRequire String
- Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- sslC3d String
- Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl
Forward StringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl
Forward StringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
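- sslSignHash String
- SSL sign hash (any, sha1, sha256, sha384). SHA-1 is deprecated for digital signatures; prefer `sha256` or `sha384` unless legacy clients require otherwise.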
- strict
Resume String - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tmOptions List<String>
- List of enabled selections from a set of industry-standard options for handling SSL processing. By default, `Don't insert empty fragments` and `No TLSv1.3` are listed as enabled options. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`. Note that the default list includes `no-tlsv1.3`, which turns TLS 1.3 off for the profile; leave it out of the list if TLS 1.3 should be offered.
- uncleanShutdown String
- Unclean Shutdown (enabled / disabled)
Outputs
All input properties are implicitly available as output properties. Additionally, the ProfileClientSsl resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ProfileClientSsl Resource
Get an existing ProfileClientSsl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProfileClientSslState, opts?: CustomResourceOptions): ProfileClientSsl
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alert_timeout: Optional[str] = None,
allow_expired_crl: Optional[str] = None,
allow_non_ssl: Optional[str] = None,
authenticate: Optional[str] = None,
authenticate_depth: Optional[int] = None,
c3d_client_fallback_cert: Optional[str] = None,
c3d_drop_unknown_ocsp_status: Optional[str] = None,
c3d_ocsp: Optional[str] = None,
ca_file: Optional[str] = None,
cache_size: Optional[int] = None,
cache_timeout: Optional[int] = None,
cert: Optional[str] = None,
cert_extension_includes: Optional[Sequence[str]] = None,
cert_key_chain: Optional[ProfileClientSslCertKeyChainArgs] = None,
cert_life_span: Optional[int] = None,
cert_lookup_by_ipaddr_port: Optional[str] = None,
chain: Optional[str] = None,
cipher_group: Optional[str] = None,
ciphers: Optional[str] = None,
client_cert_ca: Optional[str] = None,
crl_file: Optional[str] = None,
defaults_from: Optional[str] = None,
forward_proxy_bypass_default_action: Optional[str] = None,
full_path: Optional[str] = None,
generation: Optional[int] = None,
generic_alert: Optional[str] = None,
handshake_timeout: Optional[str] = None,
inherit_cert_keychain: Optional[str] = None,
key: Optional[str] = None,
mod_ssl_methods: Optional[str] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
ocsp_stapling: Optional[str] = None,
partition: Optional[str] = None,
passphrase: Optional[str] = None,
peer_cert_mode: Optional[str] = None,
proxy_ca_cert: Optional[str] = None,
proxy_ca_key: Optional[str] = None,
proxy_ca_passphrase: Optional[str] = None,
proxy_ssl: Optional[str] = None,
proxy_ssl_passthrough: Optional[str] = None,
renegotiate_period: Optional[str] = None,
renegotiate_size: Optional[str] = None,
renegotiation: Optional[str] = None,
retain_certificate: Optional[str] = None,
secure_renegotiation: Optional[str] = None,
server_name: Optional[str] = None,
session_mirroring: Optional[str] = None,
session_ticket: Optional[str] = None,
sni_default: Optional[str] = None,
sni_require: Optional[str] = None,
ssl_c3d: Optional[str] = None,
ssl_forward_proxy: Optional[str] = None,
ssl_forward_proxy_bypass: Optional[str] = None,
ssl_sign_hash: Optional[str] = None,
strict_resume: Optional[str] = None,
tm_options: Optional[Sequence[str]] = None,
unclean_shutdown: Optional[str] = None) -> ProfileClientSsl
func GetProfileClientSsl(ctx *Context, name string, id IDInput, state *ProfileClientSslState, opts ...ResourceOption) (*ProfileClientSsl, error)
public static ProfileClientSsl Get(string name, Input<string> id, ProfileClientSslState? state, CustomResourceOptions? opts = null)
public static ProfileClientSsl get(String name, Output<String> id, ProfileClientSslState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alert
Timeout string - Alert time out
- Allow
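Expired stringCrl - Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL does not list certificates revoked after it was issued, so enabling this setting weakens revocation checking.
- Allow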
Non stringSsl - Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
- Authenticate string
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- Authenticate
Depth int - Specifies the maximum number of certificates to be traversed in a client certificate chain
- C3d
Client stringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- C3d
Drop stringUnknown Ocsp Status - Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is `drop`, which causes the connection to be dropped. Conversely, you can specify `ignore`, which causes the system to ignore the unknown status and continue the connection.
- C3d
Ocsp string - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- Ca
File string - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - Cache
Size int - Cache size (sessions).
- Cache
Timeout int - Cache time out
- Cert string
- Specifies a cert name for use.
- Cert
Extension List<string>Includes - Cert extension includes for ssl forward proxy
- Cert
Key Pulumi.Chain F5Big IP. Ltm. Inputs. Profile Client Ssl Cert Key Chain - Cert
Life intSpan - Life span of the certificate in days for ssl forward proxy
- Cert
Lookup stringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- Chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- Cipher
Group string - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - Ciphers string
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- Client
Cert stringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - Crl
File string - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - Defaults
From string - Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be the full path, in the form /partition/profile_name
- Forward
Proxy stringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- Full
Path string - full path of the profile
- Generation int
- generation
- Generic
Alert string - Generic alerts enabled / disabled.
- Handshake
Timeout string - Handshake time out (seconds)
- Inherit
Cert stringKeychain - Inherit cert key chain
- Key string
- Contains a key name
- Mod
Ssl stringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
- ModSSL Methods enabled / disabled. Default is disabled.
- Name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - Ocsp
Stapling string - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - Partition string
- name of partition
- Passphrase string
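- Client Certificate Constrained Delegation CA passphrase. Supply it as a Pulumi secret rather than a plain-text literal so that it is encrypted in the stack state.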
- Peer
Cert stringMode - Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client, so the connection proceeds even if no valid certificate is presented.
- Proxy
Ca stringCert - Proxy CA Cert
- Proxy
Ca stringKey - Proxy CA Key
- Proxy
Ca stringPassphrase - Proxy CA Passphrase
- Proxy
Ssl string - Proxy SSL enabled / disabled. Default is disabled.
- Proxy
Ssl stringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- Renegotiate
Period string - Renegotiate Period (seconds)
- Renegotiate
Size string - Renegotiate Size
- Renegotiation string
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- Retain
Certificate string - When
true
, client certificate is retained in SSL session. - Secure
Renegotiation string - Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections: in this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
- Server
Name string - Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*
character. - Session
Mirroring string - Session Mirroring (enabled / disabled)
- Session
Ticket string - Session Ticket (enabled / disabled)
- Sni
Default string - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- Sni
Require string - Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- Ssl
C3d string - Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- Ssl
Forward stringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- Ssl
Forward stringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- Ssl
Sign stringHash - SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- Tm
Options List<string> - List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options; while `no-tlsv1.3` is in the list, the profile does not offer TLS 1.3. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`
- Unclean
Shutdown string - Unclean Shutdown (enabled / disabled)
- Alert
Timeout string - Alert time out
- Allow
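Expired stringCrl - Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL does not list certificates revoked after it was issued, so enabling this setting weakens revocation checking.
- Allow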
Non stringSsl - Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
- Authenticate string
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- Authenticate
Depth int - Specifies the maximum number of certificates to be traversed in a client certificate chain
- C3d
Client stringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- C3d
Drop stringUnknown Ocsp Status - Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is `drop`, which causes the connection to be dropped. Conversely, you can specify `ignore`, which causes the system to ignore the unknown status and continue the connection.
- C3d
Ocsp string - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- Ca
File string - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - Cache
Size int - Cache size (sessions).
- Cache
Timeout int - Cache time out
- Cert string
- Specifies a cert name for use.
- Cert
Extension []stringIncludes - Cert extension includes for ssl forward proxy
- Cert
Key ProfileChain Client Ssl Cert Key Chain Args - Cert
Life intSpan - Life span of the certificate in days for ssl forward proxy
- Cert
Lookup stringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- Chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- Cipher
Group string - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - Ciphers string
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- Client
Cert stringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - Crl
File string - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - Defaults
From string - Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be the full path, in the form /partition/profile_name
- Forward
Proxy stringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- Full
Path string - full path of the profile
- Generation int
- generation
- Generic
Alert string - Generic alerts enabled / disabled.
- Handshake
Timeout string - Handshake time out (seconds)
- Inherit
Cert stringKeychain - Inherit cert key chain
- Key string
- Contains a key name
- Mod
Ssl stringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
- ModSSL Methods enabled / disabled. Default is disabled.
- Name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - Ocsp
Stapling string - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - Partition string
- name of partition
- Passphrase string
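- Client Certificate Constrained Delegation CA passphrase. Supply it as a Pulumi secret rather than a plain-text literal so that it is encrypted in the stack state.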
- Peer
Cert stringMode - Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client, so the connection proceeds even if no valid certificate is presented.
- Proxy
Ca stringCert - Proxy CA Cert
- Proxy
Ca stringKey - Proxy CA Key
- Proxy
Ca stringPassphrase - Proxy CA Passphrase
- Proxy
Ssl string - Proxy SSL enabled / disabled. Default is disabled.
- Proxy
Ssl stringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- Renegotiate
Period string - Renegotiate Period (seconds)
- Renegotiate
Size string - Renegotiate Size
- Renegotiation string
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- Retain
Certificate string - When
true
, client certificate is retained in SSL session. - Secure
Renegotiation string - Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections: in this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
- Server
Name string - Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*
character. - Session
Mirroring string - Session Mirroring (enabled / disabled)
- Session
Ticket string - Session Ticket (enabled / disabled)
- Sni
Default string - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- Sni
Require string - Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- Ssl
C3d string - Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- Ssl
Forward stringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- Ssl
Forward stringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- Ssl
Sign stringHash - SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- Tm
Options []string - List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options; while `no-tlsv1.3` is in the list, the profile does not offer TLS 1.3. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`
- Unclean
Shutdown string - Unclean Shutdown (enabled / disabled)
- alert
Timeout String - Alert time out
- allow
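Expired StringCrl - Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL does not list certificates revoked after it was issued, so enabling this setting weakens revocation checking.
- allow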
Non StringSsl - Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
- authenticate String
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- authenticate
Depth Integer - Specifies the maximum number of certificates to be traversed in a client certificate chain
- c3d
Client StringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3d
Drop StringUnknown Ocsp Status - Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is `drop`, which causes the connection to be dropped. Conversely, you can specify `ignore`, which causes the system to ignore the unknown status and continue the connection.
- c3d
Ocsp String - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca
File String - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache
Size Integer - Cache size (sessions).
- cache
Timeout Integer - Cache time out
- cert String
- Specifies a cert name for use.
- cert
Extension List<String>Includes - Cert extension includes for ssl forward proxy
- cert
Key ProfileChain Client Ssl Cert Key Chain - cert
Life IntegerSpan - Life span of the certificate in days for ssl forward proxy
- cert
Lookup StringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- chain String
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher
Group String - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - ciphers String
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client
Cert StringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl
File String - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults
From String - Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be the full path, in the form /partition/profile_name
- forward
Proxy StringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- full
Path String - full path of the profile
- generation Integer
- generation
- generic
Alert String - Generic alerts enabled / disabled.
- handshake
Timeout String - Handshake time out (seconds)
- inherit
Cert StringKeychain - Inherit cert key chain
- key String
- Contains a key name
- mod
Ssl StringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode String
- ModSSL Methods enabled / disabled. Default is disabled.
- name String
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - ocsp
Stapling String - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition String
- name of partition
- passphrase String
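- Client Certificate Constrained Delegation CA passphrase. Supply it as a Pulumi secret rather than a plain-text literal so that it is encrypted in the stack state.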
- peer
Cert StringMode - Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client, so the connection proceeds even if no valid certificate is presented.
- proxy
Ca StringCert - Proxy CA Cert
- proxy
Ca StringKey - Proxy CA Key
- proxy
Ca StringPassphrase - Proxy CA Passphrase
- proxy
Ssl String - Proxy SSL enabled / disabled. Default is disabled.
- proxy
Ssl StringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiate
Period String - Renegotiate Period (seconds)
- renegotiate
Size String - Renegotiate Size
- renegotiation String
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain
Certificate String - When
true
, client certificate is retained in SSL session. - secure
Renegotiation String - Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections: in this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
- server
Name String - Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*
character. - session
Mirroring String - Session Mirroring (enabled / disabled)
- session
Ticket String - Session Ticket (enabled / disabled)
- sni
Default String - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni
Require String - Requires that the network peers also provide SNI support. This setting only takes effect when `sni_default` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
- ssl
C3d String - Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl
Forward StringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl
Forward StringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- ssl
Sign StringHash - SSL sign hash (any, sha1, sha256, sha384)
- strict
Resume String - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm
Options List<String> - List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options; while `no-tlsv1.3` is in the list, the profile does not offer TLS 1.3. Usage: `tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]`
- unclean
Shutdown String - Unclean Shutdown (enabled / disabled)
- alert
Timeout string - Alert time out
- allow
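Expired stringCrl - Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`. An expired CRL does not list certificates revoked after it was issued, so enabling this setting weakens revocation checking.
- allow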
Non stringSsl - Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
- authenticate string
- Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session. When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
- authenticate
Depth number - Specifies the maximum number of certificates to be traversed in a client certificate chain
- c3d
Client stringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3d
Drop stringUnknown Ocsp Status - Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is `drop`, which causes the connection to be dropped. Conversely, you can specify `ignore`, which causes the system to ignore the unknown status and continue the connection.
- c3d
Ocsp string - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca
File string - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache
Size number - Cache size (sessions).
- cache
Timeout number - Cache time out
- cert string
- Specifies a cert name for use.
- cert
Extension string[]Includes - Cert extension includes for ssl forward proxy
- cert
Key ProfileChain Client Ssl Cert Key Chain - cert
Life numberSpan - Life span of the certificate in days for ssl forward proxy
- cert
Lookup stringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher
Group string - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - ciphers string
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client
Cert stringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl
File string - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults
From string - Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be the full path, in the form /partition/profile_name
- forward
Proxy stringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- full
Path string - full path of the profile
- generation number
- generation
- generic
Alert string - Generic alerts enabled / disabled.
- handshake
Timeout string - Handshake time out (seconds)
- inherit
Cert stringKeychain - Inherit cert key chain
- key string
- Contains a key name
- mod
Ssl stringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode string
- ModSSL Methods enabled / disabled. Default is disabled.
- name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - ocsp
Stapling string - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition string
- name of partition
- passphrase string
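- Client Certificate Constrained Delegation CA passphrase. Supply it as a Pulumi secret rather than a plain-text literal so that it is encrypted in the stack state.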
- peer
Cert stringMode - Specifies the way the system handles client certificates. When `ignore`, specifies that the system ignores certificates from client systems. When `require`, specifies that the system requires a client to present a valid certificate. When `request`, specifies that the system requests a valid certificate from a client but always authenticates the client, so the connection proceeds even if no valid certificate is presented.
- proxy
Ca stringCert - Proxy CA Cert
- proxy
Ca stringKey - Proxy CA Key
- proxy
Ca stringPassphrase - Proxy CA Passphrase
- proxy
Ssl string - Proxy SSL enabled / disabled. Default is disabled.
- proxy
Ssl stringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiate
Period string - Renegotiate Period (seconds)
- renegotiate
Size string - Renegotiate Size
- renegotiation string
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain
Certificate string - When
true
, client certificate is retained in SSL session. - secure
Renegotiation string - Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When `request` is set, the system requests secure renegotiation of SSL connections. `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the `require-strict` setting, the system requires strict renegotiation of SSL connections: in this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
- server
Name string - Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*
character. - session
Mirroring string - Session Mirroring (enabled / disabled)
- session
Ticket string - Session Ticket (enabled / disabled)
- sni
Default string - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni
Require string - Requires that the network peers also provide SNI support. This setting only takes effect when
sni_default
is set to true
. When creating a new profile, the setting is provided by the parent profile. - ssl
C3d string - Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl
Forward stringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl
Forward stringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- ssl
Sign stringHash - SSL sign hash (any, sha1, sha256, sha384). Prefer sha256 or sha384 where clients support them; SHA-1 is deprecated for signatures.
- strict
Resume string - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm
Options string[] - List of enabled options, selected from a set of industry-standard options for handling SSL processing. By default,
Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options, so TLS 1.3 stays disabled while no-tlsv1.3 is in the list.
Usage
: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"] - unclean
Shutdown string - Unclean Shutdown (enabled / disabled)
- alert_
timeout str - Alert time out
- allow_
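expired_ strcrl - Instructs the system to use the specified CRL file even if it has expired. An expired CRL can omit recently revoked certificates, so enable this only as a deliberate exception. The default is
disabled
. - allow_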
non_ strssl - Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
- authenticate str
- Specifies the frequency of client authentication for an SSL session. When
once
, specifies that the system authenticates the client once for an SSL session. When
always
, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session. - authenticate_
depth int - Specifies the maximum number of certificates to be traversed in a client certificate chain
- c3d_
client_ strfallback_ cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3d_
drop_ strunknown_ ocsp_ status - Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue, accepting a certificate whose revocation status could not be confirmed.
- c3d_
ocsp str - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca_
file str - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache_
size int - Cache size (sessions).
- cache_
timeout int - Cache time out
- cert str
- Specifies a cert name for use.
- cert_
extension_ Sequence[str]includes - Cert extension includes for ssl forward proxy
- cert_
key_ Profilechain Client Ssl Cert Key Chain Args - cert_
life_ intspan - Life span of the certificate in days for ssl forward proxy
- cert_
lookup_ strby_ ipaddr_ port - Cert lookup by ip address and port enabled / disabled
- chain str
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher_
group str - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument
ciphers
. The default value is none
. - ciphers str
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client_
cert_ strca - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl_
file str - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults_
from str - Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is
/Common/clientssl
. It should be the full path: /partition/profile_name
- forward_
proxy_ strbypass_ default_ action - Forward proxy bypass default action. (enabled / disabled)
- full_
path str - full path of the profile
- generation int
- generation
- generic_
alert str - Generic alerts enabled / disabled.
- handshake_
timeout str - Handshake time out (seconds)
- inherit_
cert_ strkeychain - Inherit cert key chain
- key str
- Contains a key name
- mod_
ssl_ strmethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode str
- ModSSL Methods enabled / disabled. Default is disabled.
- name str
- Specifies the name of the profile. The name should be the full path, which is the combination of the
partition + profile name
, for example /Common/test-clientssl-profile
. - ocsp_
stapling str - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition str
- name of partition
- passphrase str
- Client Certificate Constrained Delegation CA passphrase
- peer_
cert_ strmode - Specifies the way the system handles client certificates. When ignore, the system ignores certificates from client systems. When require, the system requires a client to present a valid certificate. When request, the system requests a valid certificate from a client but always authenticates the client, so request on its own does not enforce client-certificate authentication.
- proxy_
ca_ strcert - Proxy CA Cert
- proxy_
ca_ strkey - Proxy CA Key
- proxy_
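ca_ strpassphrase - Proxy CA Passphrase. This is a sensitive value: keep it out of source control and supply it as a secret rather than a plain string.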
- proxy_
ssl str - Proxy SSL enabled / disabled. Default is disabled.
- proxy_
ssl_ strpassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiate_
period str - Renegotiate Period (seconds)
- renegotiate_
size str - Renegotiate Size
- renegotiation str
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain_
certificate str - When
true
, client certificate is retained in SSL session. - secure_
renegotiation str - Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile.
When
request
is set, the system requests secure renegotiation of SSL connections.
require
is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the
require-strict
setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers. - server_
name str - Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*
character. - session_
mirroring str - Session Mirroring (enabled / disabled)
- session_
ticket str - Session Ticket (enabled / disabled)
- sni_
default str - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni_
require str - Requires that the network peers also provide SNI support, this setting only takes effect when
sni_default
is set totrue
.When creating a new profile, the setting is provided by the parent profile - ssl_
c3d str - Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl_
forward_ strproxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl_
forward_ strproxy_ bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- ssl_
sign_ strhash - SSL sign hash (any, sha1, sha256, sha384)
- strict_
resume str - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm_
options Sequence[str] - List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options.
Usage
: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"] - unclean_
shutdown str - Unclean Shutdown (enabled / disabled)
- alert
Timeout String - Alert time out
- allow
Expired StringCrl - Instructs the system to use the specified CRL file even if it has expired. The default is
disabled
. - allow
Non StringSsl - Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
- authenticate String
- Specifies the frequency of client authentication for an SSL session.When
once
,specifies that the system authenticates the client once for an SSL session. Whenalways
, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session. - authenticate
Depth Number - Specifies the maximum number of certificates to be traversed in a client certificate chain
- c3d
Client StringFallback Cert - Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
- c3d
Drop StringUnknown Ocsp Status - Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue, accepting a certificate whose revocation status could not be confirmed.
- c3d
Ocsp String - Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
- ca
File String - (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is
None
. - cache
Size Number - Cache size (sessions).
- cache
Timeout Number - Cache time out
- cert String
- Specifies a cert name for use.
- cert
Extension List<String>Includes - Cert extension includes for ssl forward proxy
- cert
Key Property MapChain - cert
Life NumberSpan - Life span of the certificate in days for ssl forward proxy
- cert
Lookup StringBy Ipaddr Port - Cert lookup by ip address and port enabled / disabled
- chain String
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- cipher
Group String - Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument,
ciphers
. The default value isnone
. - ciphers String
- Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- client
Cert StringCa - (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is
None
. - crl
File String - Specifies the name of a file containing a list of revoked client certificates. The default is
None
. - defaults
From String - Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is
/Common/clientssl
. It Should Full path/partition/profile_name
- forward
Proxy StringBypass Default Action - Forward proxy bypass default action. (enabled / disabled)
- full
Path String - full path of the profile
- generation Number
- generation
- generic
Alert String - Generic alerts enabled / disabled.
- handshake
Timeout String - Handshake time out (seconds)
- inherit
Cert StringKeychain - Inherit cert key chain
- key String
- Contains a key name
- mod
Ssl StringMethods - ModSSL Methods enabled / disabled. Default is disabled.
- mode String
- ModSSL Methods enabled / disabled. Default is disabled.
- name String
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - ocsp
Stapling String - Specifies whether the system uses OCSP stapling. The default value is
disabled
. - partition String
- name of partition
- passphrase String
- Client Certificate Constrained Delegation CA passphrase
- peer
Cert StringMode - Specifies the way the system handles client certificates. When ignore, the system ignores certificates from client systems. When require, the system requires a client to present a valid certificate. When request, the system requests a valid certificate from a client but always authenticates the client, so request on its own does not enforce client-certificate authentication.
- proxy
Ca StringCert - Proxy CA Cert
- proxy
Ca StringKey - Proxy CA Key
- proxy
Ca StringPassphrase - Proxy CA Passphrase
- proxy
Ssl String - Proxy SSL enabled / disabled. Default is disabled.
- proxy
Ssl StringPassthrough - Proxy SSL passthrough enabled / disabled. Default is disabled.
- renegotiate
Period String - Renegotiate Period (seconds)
- renegotiate
Size String - Renegotiate Size
- renegotiation String
- Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain
Certificate String - When
true
, client certificate is retained in SSL session. - secure
Renegotiation String - Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile.
When
request
is set, the system requests secure renegotiation of SSL connections.
require
is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the
require-strict
setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers. - server
Name String - Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*
character. - session
Mirroring String - Session Mirroring (enabled / disabled)
- session
Ticket String - Session Ticket (enabled / disabled)
- sni
Default String - Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni
Require String - Requires that the network peers also provide SNI support, this setting only takes effect when
sni_default
is set totrue
.When creating a new profile, the setting is provided by the parent profile - ssl
C3d String - Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
- ssl
Forward StringProxy - Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
- ssl
Forward StringProxy Bypass - Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
- ssl
Sign StringHash - SSL sign hash (any, sha1, sha256, sha384)
- strict
Resume String - Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm
Options List<String> - List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options.
Usage
: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"] - unclean
Shutdown String - Unclean Shutdown (enabled / disabled)
Supporting Types
ProfileClientSslCertKeyChain, ProfileClientSslCertKeyChainArgs
- Cert string
- Specifies a cert name for use.
- Chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- Key string
- Contains a key name
- Name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - Passphrase string
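- Key passphrase. This is a sensitive value: supply it as a secret (for example from encrypted stack configuration) rather than as a literal in program source.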
- Cert string
- Specifies a cert name for use.
- Chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- Key string
- Contains a key name
- Name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - Passphrase string
- Key passphrase
- cert String
- Specifies a cert name for use.
- chain String
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- key String
- Contains a key name
- name String
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - passphrase String
- Key passphrase
- cert string
- Specifies a cert name for use.
- chain string
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- key string
- Contains a key name
- name string
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - passphrase string
- Key passphrase
- cert str
- Specifies a cert name for use.
- chain str
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- key str
- Contains a key name
- name str
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - passphrase str
- Key passphrase
- cert String
- Specifies a cert name for use.
- chain String
- Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
- key String
- Contains a key name
- name String
- Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the
partition + profile name
,For example/Common/test-clientssl-profile
. - passphrase String
- Key passphrase
Importing
An existing client-ssl profile can be imported into this resource by supplying the client-ssl profile name, as a full path, as the id.
An example is below:
$ terraform import bigip_ltm_profile_client_ssl.test-ClientSsl-import /Common/test-ClientSsl
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- f5 BIG-IP pulumi/pulumi-f5bigip
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
bigip
Terraform Provider.