import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* `f5bigip.ltm.ProfileClientSsl` manages client SSL profiles on a BIG-IP.
*
* Resources should be named with their "full path". The full path is the combination of the partition + name (example: /Common/my-pool ) or partition + directory + name of the resource (example: /Common/test/my-pool )
*
* Several properties of this resource decide how client connections are authenticated and encrypted
* (`peerCertMode`, `authenticate`, `caFile`, `crlFile`, `allowExpiredCrl`, `allowNonSsl`, `ciphers`, `tmOptions`, `sslSignHash`),
* and three carry credentials (`passphrase`, `proxyCaKey`, `proxyCaPassphrase`). Review those explicitly rather than relying on values inherited from the parent profile.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as f5bigip from "@pulumi/f5bigip";
*
* const test_ClientSsl = new f5bigip.ltm.ProfileClientSsl("test-ClientSsl", {
* name: "/Common/test-ClientSsl",
* defaultsFrom: "/Common/clientssl",
* authenticate: "always",
* ciphers: "DEFAULT",
* });
* ```
*
* ## Importing
*
* An existing client-ssl profile can be imported into this resource by supplying the client-ssl profile name in `full path` form as the `id`.
* An example is below:
* ```sh
* $ terraform import bigip_ltm_profile_client_ssl.test-ClientSsl-import /Common/test-ClientSsl
* ```
* NOTE(review): the command above is the Terraform form; for a Pulumi program the import is presumably done with `pulumi import` and this resource's type token — confirm against the provider documentation.
*/
export declare class ProfileClientSsl extends pulumi.CustomResource {
/**
* Get an existing ProfileClientSsl resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The ProfileClientSsl resource for the given ID.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProfileClientSslState, opts?: pulumi.CustomResourceOptions): ProfileClientSsl;
/**
* Returns true if the given object is an instance of ProfileClientSsl. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is typed `any`, so any value may be passed.
*/
static isInstance(obj: any): obj is ProfileClientSsl;
/**
* Alert timeout.
*/
readonly alertTimeout: pulumi.Output<string>;
/**
* Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`.
* NOTE(review): when enabled, revocation decisions rest on a stale CRL, so certificates revoked after the CRL expired are still accepted.
*/
readonly allowExpiredCrl: pulumi.Output<string>;
/**
* Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
* NOTE(review): the value is inherited when not set, so check the parent profile if unencrypted connections must be refused.
*/
readonly allowNonSsl: pulumi.Output<string>;
/**
* Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session.
* When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
*/
readonly authenticate: pulumi.Output<string>;
/**
* Specifies the maximum number of certificates to be traversed in a client certificate chain.
*/
readonly authenticateDepth: pulumi.Output<number>;
/**
* Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if the client does not provide a cert during the SSL handshake. The default value is none.
*/
readonly c3dClientFallbackCert: pulumi.Output<string>;
/**
* Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
* NOTE(review): with ignore, a connection proceeds although the certificate's revocation status could not be established.
*/
readonly c3dDropUnknownOcspStatus: pulumi.Output<string>;
/**
* Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
*/
readonly c3dOcsp: pulumi.Output<string>;
/**
* (Trusted Certificate Authorities) Specifies a client CA that the system trusts. The default is `None`.
*/
readonly caFile: pulumi.Output<string>;
/**
* Cache size (sessions).
*/
readonly cacheSize: pulumi.Output<number>;
/**
* Cache timeout.
*/
readonly cacheTimeout: pulumi.Output<number>;
/**
* Specifies the name of the certificate that the system uses for client-side SSL processing. The default is `default`.
*/
readonly cert: pulumi.Output<string>;
/**
* Cert extension includes for SSL forward proxy.
*/
readonly certExtensionIncludes: pulumi.Output<string[]>;
/**
* `certKeyChain` Specifies one or more certificates and keys to associate with the SSL profile.
* See the `ProfileClientSslCertKeyChain` type for the available fields.
*
* > **NOTE** `certKeyChain` is the recommended way of adding a cert-key-chain to the profile. If a `certKeyChain` block is provided, `cert`, `key` and `chain` should not be provided.
*/
readonly certKeyChain: pulumi.Output<outputs.ltm.ProfileClientSslCertKeyChain | undefined>;
/**
* Life span of the certificate in days for SSL forward proxy.
*/
readonly certLifeSpan: pulumi.Output<number>;
/**
* Cert lookup by IP address and port (enabled / disabled).
*/
readonly certLookupByIpaddrPort: pulumi.Output<string>;
/**
* Specifies a certificate chain file that a server can use for authentication. The default is `None`.
*/
readonly chain: pulumi.Output<string>;
/**
* Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument `ciphers`. The default value is `none`.
*/
readonly cipherGroup: pulumi.Output<string>;
/**
* BIG-IP cipher string. Mutually exclusive with `cipherGroup` (see that property).
* NOTE(review): this string decides which cipher suites clients may negotiate; review it against the TLS policy in force.
*/
readonly ciphers: pulumi.Output<string>;
/**
* (Advertised Certificate Authorities) Specifies the CAs that the system advertises to clients as being trusted by the profile. The default is `None`.
*/
readonly clientCertCa: pulumi.Output<string>;
/**
* Specifies the name of a file containing a list of revoked client certificates. The default is `None`.
*/
readonly crlFile: pulumi.Output<string>;
/**
* Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be a full path: `/partition/profile_name`.
*/
readonly defaultsFrom: pulumi.Output<string | undefined>;
/**
* Forward proxy bypass default action. (enabled / disabled)
*/
readonly forwardProxyBypassDefaultAction: pulumi.Output<string>;
/**
* Full path of the profile.
*/
readonly fullPath: pulumi.Output<string>;
/**
* Generation.
* NOTE(review): not described further in this file — presumably the generation counter reported by the BIG-IP for this object; confirm.
*/
readonly generation: pulumi.Output<number>;
/**
* Generic alerts enabled / disabled.
*/
readonly genericAlert: pulumi.Output<string>;
/**
* Handshake timeout (seconds).
*/
readonly handshakeTimeout: pulumi.Output<string>;
/**
* Inherit cert key chain.
*/
readonly inheritCertKeychain: pulumi.Output<string>;
/**
* Specifies the file name of the SSL key. The default is `default`.
*/
readonly key: pulumi.Output<string>;
/**
* ModSSL Methods enabled / disabled. Default is disabled.
*/
readonly modSslMethods: pulumi.Output<string>;
/**
* ModSSL Methods enabled / disabled. Default is disabled.
* NOTE(review): this description is identical to the one on `modSslMethods` and looks copied; confirm what `mode` controls against the provider documentation.
*/
readonly mode: pulumi.Output<string>;
/**
* Specifies the name of the profile. The name should be a full path, which is the combination of the `partition + profile name`, for example `/Common/test-clientssl-profile`.
*/
readonly name: pulumi.Output<string>;
/**
* Specifies whether the system uses OCSP stapling. The default value is `disabled`.
*/
readonly ocspStapling: pulumi.Output<string | undefined>;
/**
* Name of the partition.
*/
readonly partition: pulumi.Output<string>;
/**
* Client Certificate Constrained Delegation CA passphrase.
* NOTE(review): this is a credential but is typed as a plain `Output<string>`; whether the provider marks it secret is not visible in this file. Consider listing it in the `additionalSecretOutputs` resource option so it is encrypted in state.
*/
readonly passphrase: pulumi.Output<string>;
/**
* Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
* NOTE(review): of the three values, only require is described as refusing clients that lack a valid certificate.
*/
readonly peerCertMode: pulumi.Output<string>;
/**
* Proxy CA cert.
*/
readonly proxyCaCert: pulumi.Output<string>;
/**
* Proxy CA key.
* NOTE(review): if this holds key material rather than a reference to a key object on the BIG-IP, treat it as a secret — confirm which.
*/
readonly proxyCaKey: pulumi.Output<string>;
/**
* Proxy CA passphrase.
* NOTE(review): this is a credential but is typed as a plain `Output<string>`; whether the provider marks it secret is not visible in this file. Consider listing it in the `additionalSecretOutputs` resource option so it is encrypted in state.
*/
readonly proxyCaPassphrase: pulumi.Output<string>;
/**
* Proxy SSL enabled / disabled. Default is disabled.
*/
readonly proxySsl: pulumi.Output<string>;
/**
* Proxy SSL passthrough enabled / disabled. Default is disabled.
*/
readonly proxySslPassthrough: pulumi.Output<string>;
/**
* Renegotiate period (seconds).
*/
readonly renegotiatePeriod: pulumi.Output<string>;
/**
* Renegotiate size.
*/
readonly renegotiateSize: pulumi.Output<string>;
/**
* Enables or disables SSL renegotiation. When creating a new profile, the setting is provided by the parent profile.
*/
readonly renegotiation: pulumi.Output<string>;
/**
* When `true`, the client certificate is retained in the SSL session.
*/
readonly retainCertificate: pulumi.Output<string>;
/**
* Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
* When `request` is set, the system requests secure renegotiation of SSL connections.
* `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
* With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
*/
readonly secureRenegotiation: pulumi.Output<string>;
/**
* Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk `*` character.
*/
readonly serverName: pulumi.Output<string>;
/**
* Session Mirroring (enabled / disabled)
*/
readonly sessionMirroring: pulumi.Output<string>;
/**
* Session Ticket (enabled / disabled)
*/
readonly sessionTicket: pulumi.Output<string>;
/**
* Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support. When creating a new profile, the setting is provided by the parent profile.
* There can be only one SSL profile with this setting enabled.
*/
readonly sniDefault: pulumi.Output<string>;
/**
* Requires that the network peers also provide SNI support. This setting only takes effect when `sniDefault` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
*/
readonly sniRequire: pulumi.Output<string>;
/**
* Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
*/
readonly sslC3d: pulumi.Output<string>;
/**
* Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
*/
readonly sslForwardProxy: pulumi.Output<string>;
/**
* Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
*/
readonly sslForwardProxyBypass: pulumi.Output<string>;
/**
* SSL sign hash (any, sha1, sha256, sha384).
* NOTE(review): SHA-1 is deprecated for signatures; prefer sha256 or sha384 unless a legacy client requires otherwise.
*/
readonly sslSignHash: pulumi.Output<string>;
/**
* Enables or disables the resumption of SSL sessions after an unclean shutdown. When creating a new profile, the setting is provided by the parent profile.
*/
readonly strictResume: pulumi.Output<string>;
/**
* List of enabled selections from a set of industry standard options for handling SSL processing. By default,
* Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions = ["dont-insert-empty-fragments","no-tlsv1.3"]
* NOTE(review): the documented default includes `no-tlsv1.3`, which appears to leave TLS 1.3 disabled unless this list is overridden — confirm.
*/
readonly tmOptions: pulumi.Output<string[]>;
/**
* Unclean Shutdown (enabled / disabled)
*/
readonly uncleanShutdown: pulumi.Output<string>;
/**
* Create a ProfileClientSsl resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: ProfileClientSslArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering ProfileClientSsl resources.
* Every field is optional; this is the type of the `state` argument of `ProfileClientSsl.get`.
*/
export interface ProfileClientSslState {
/**
* Alert timeout.
*/
alertTimeout?: pulumi.Input<string>;
/**
* Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`.
* NOTE(review): when enabled, revocation decisions rest on a stale CRL, so certificates revoked after the CRL expired are still accepted.
*/
allowExpiredCrl?: pulumi.Input<string>;
/**
* Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
* NOTE(review): the value is inherited when not set, so check the parent profile if unencrypted connections must be refused.
*/
allowNonSsl?: pulumi.Input<string>;
/**
* Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session.
* When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
*/
authenticate?: pulumi.Input<string>;
/**
* Specifies the maximum number of certificates to be traversed in a client certificate chain.
*/
authenticateDepth?: pulumi.Input<number>;
/**
* Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if the client does not provide a cert during the SSL handshake. The default value is none.
*/
c3dClientFallbackCert?: pulumi.Input<string>;
/**
* Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
* NOTE(review): with ignore, a connection proceeds although the certificate's revocation status could not be established.
*/
c3dDropUnknownOcspStatus?: pulumi.Input<string>;
/**
* Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
*/
c3dOcsp?: pulumi.Input<string>;
/**
* (Trusted Certificate Authorities) Specifies a client CA that the system trusts. The default is `None`.
*/
caFile?: pulumi.Input<string>;
/**
* Cache size (sessions).
*/
cacheSize?: pulumi.Input<number>;
/**
* Cache timeout.
*/
cacheTimeout?: pulumi.Input<number>;
/**
* Specifies the name of the certificate that the system uses for client-side SSL processing. The default is `default`.
*/
cert?: pulumi.Input<string>;
/**
* Cert extension includes for SSL forward proxy.
*/
certExtensionIncludes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* `certKeyChain` Specifies one or more certificates and keys to associate with the SSL profile.
* See the `ProfileClientSslCertKeyChain` type for the available fields.
*
* > **NOTE** `certKeyChain` is the recommended way of adding a cert-key-chain to the profile. If a `certKeyChain` block is provided, `cert`, `key` and `chain` should not be provided.
*/
certKeyChain?: pulumi.Input<inputs.ltm.ProfileClientSslCertKeyChain>;
/**
* Life span of the certificate in days for SSL forward proxy.
*/
certLifeSpan?: pulumi.Input<number>;
/**
* Cert lookup by IP address and port (enabled / disabled).
*/
certLookupByIpaddrPort?: pulumi.Input<string>;
/**
* Specifies a certificate chain file that a server can use for authentication. The default is `None`.
*/
chain?: pulumi.Input<string>;
/**
* Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument `ciphers`. The default value is `none`.
*/
cipherGroup?: pulumi.Input<string>;
/**
* BIG-IP cipher string. Mutually exclusive with `cipherGroup` (see that property).
* NOTE(review): this string decides which cipher suites clients may negotiate; review it against the TLS policy in force.
*/
ciphers?: pulumi.Input<string>;
/**
* (Advertised Certificate Authorities) Specifies the CAs that the system advertises to clients as being trusted by the profile. The default is `None`.
*/
clientCertCa?: pulumi.Input<string>;
/**
* Specifies the name of a file containing a list of revoked client certificates. The default is `None`.
*/
crlFile?: pulumi.Input<string>;
/**
* Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be a full path: `/partition/profile_name`.
*/
defaultsFrom?: pulumi.Input<string>;
/**
* Forward proxy bypass default action. (enabled / disabled)
*/
forwardProxyBypassDefaultAction?: pulumi.Input<string>;
/**
* Full path of the profile.
*/
fullPath?: pulumi.Input<string>;
/**
* Generation.
* NOTE(review): not described further in this file — presumably the generation counter reported by the BIG-IP for this object; confirm.
*/
generation?: pulumi.Input<number>;
/**
* Generic alerts enabled / disabled.
*/
genericAlert?: pulumi.Input<string>;
/**
* Handshake timeout (seconds).
*/
handshakeTimeout?: pulumi.Input<string>;
/**
* Inherit cert key chain.
*/
inheritCertKeychain?: pulumi.Input<string>;
/**
* Specifies the file name of the SSL key. The default is `default`.
*/
key?: pulumi.Input<string>;
/**
* ModSSL Methods enabled / disabled. Default is disabled.
*/
modSslMethods?: pulumi.Input<string>;
/**
* ModSSL Methods enabled / disabled. Default is disabled.
* NOTE(review): this description is identical to the one on `modSslMethods` and looks copied; confirm what `mode` controls against the provider documentation.
*/
mode?: pulumi.Input<string>;
/**
* Specifies the name of the profile. The name should be a full path, which is the combination of the `partition + profile name`, for example `/Common/test-clientssl-profile`.
*/
name?: pulumi.Input<string>;
/**
* Specifies whether the system uses OCSP stapling. The default value is `disabled`.
*/
ocspStapling?: pulumi.Input<string>;
/**
* Name of the partition.
*/
partition?: pulumi.Input<string>;
/**
* Client Certificate Constrained Delegation CA passphrase.
* This is a credential: pass it as a Pulumi secret (for example `pulumi.secret(...)` or a secret config value), not as a plaintext literal.
*/
passphrase?: pulumi.Input<string>;
/**
* Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
* NOTE(review): of the three values, only require is described as refusing clients that lack a valid certificate.
*/
peerCertMode?: pulumi.Input<string>;
/**
* Proxy CA cert.
*/
proxyCaCert?: pulumi.Input<string>;
/**
* Proxy CA key.
* NOTE(review): if this holds key material rather than a reference to a key object on the BIG-IP, pass it as a Pulumi secret — confirm which.
*/
proxyCaKey?: pulumi.Input<string>;
/**
* Proxy CA passphrase.
* This is a credential: pass it as a Pulumi secret (for example `pulumi.secret(...)` or a secret config value), not as a plaintext literal.
*/
proxyCaPassphrase?: pulumi.Input<string>;
/**
* Proxy SSL enabled / disabled. Default is disabled.
*/
proxySsl?: pulumi.Input<string>;
/**
* Proxy SSL passthrough enabled / disabled. Default is disabled.
*/
proxySslPassthrough?: pulumi.Input<string>;
/**
* Renegotiate period (seconds).
*/
renegotiatePeriod?: pulumi.Input<string>;
/**
* Renegotiate size.
*/
renegotiateSize?: pulumi.Input<string>;
/**
* Enables or disables SSL renegotiation. When creating a new profile, the setting is provided by the parent profile.
*/
renegotiation?: pulumi.Input<string>;
/**
* When `true`, the client certificate is retained in the SSL session.
*/
retainCertificate?: pulumi.Input<string>;
/**
* Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
* When `request` is set, the system requests secure renegotiation of SSL connections.
* `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
* With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
*/
secureRenegotiation?: pulumi.Input<string>;
/**
* Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk `*` character.
*/
serverName?: pulumi.Input<string>;
/**
* Session Mirroring (enabled / disabled)
*/
sessionMirroring?: pulumi.Input<string>;
/**
* Session Ticket (enabled / disabled)
*/
sessionTicket?: pulumi.Input<string>;
/**
* Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support. When creating a new profile, the setting is provided by the parent profile.
* There can be only one SSL profile with this setting enabled.
*/
sniDefault?: pulumi.Input<string>;
/**
* Requires that the network peers also provide SNI support. This setting only takes effect when `sniDefault` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
*/
sniRequire?: pulumi.Input<string>;
/**
* Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
*/
sslC3d?: pulumi.Input<string>;
/**
* Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
*/
sslForwardProxy?: pulumi.Input<string>;
/**
* Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
*/
sslForwardProxyBypass?: pulumi.Input<string>;
/**
* SSL sign hash (any, sha1, sha256, sha384).
* NOTE(review): SHA-1 is deprecated for signatures; prefer sha256 or sha384 unless a legacy client requires otherwise.
*/
sslSignHash?: pulumi.Input<string>;
/**
* Enables or disables the resumption of SSL sessions after an unclean shutdown. When creating a new profile, the setting is provided by the parent profile.
*/
strictResume?: pulumi.Input<string>;
/**
* List of enabled selections from a set of industry standard options for handling SSL processing. By default,
* Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions = ["dont-insert-empty-fragments","no-tlsv1.3"]
* NOTE(review): the documented default includes `no-tlsv1.3`, which appears to leave TLS 1.3 disabled unless this list is overridden — confirm.
*/
tmOptions?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Unclean Shutdown (enabled / disabled)
*/
uncleanShutdown?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a ProfileClientSsl resource.
* Only `name` is required; every other field is optional. Several descriptions below state that an unset value is provided by the parent profile (`defaultsFrom`).
*/
export interface ProfileClientSslArgs {
/**
* Alert timeout.
*/
alertTimeout?: pulumi.Input<string>;
/**
* Instructs the system to use the specified CRL file even if it has expired. The default is `disabled`.
* NOTE(review): when enabled, revocation decisions rest on a stale CRL, so certificates revoked after the CRL expired are still accepted. Leave it `disabled` unless there is a documented reason.
*/
allowExpiredCrl?: pulumi.Input<string>;
/**
* Enables or disables acceptance of non-SSL connections. When creating a new profile, the setting is provided by the parent profile.
* NOTE(review): the value is inherited when not set, so set it explicitly (or check the parent profile) if unencrypted connections must be refused.
*/
allowNonSsl?: pulumi.Input<string>;
/**
* Specifies the frequency of client authentication for an SSL session. When `once`, specifies that the system authenticates the client once for an SSL session.
* When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
*/
authenticate?: pulumi.Input<string>;
/**
* Specifies the maximum number of certificates to be traversed in a client certificate chain.
*/
authenticateDepth?: pulumi.Input<number>;
/**
* Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if the client does not provide a cert during the SSL handshake. The default value is none.
*/
c3dClientFallbackCert?: pulumi.Input<string>;
/**
* Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the connection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
* NOTE(review): with ignore, a connection proceeds although the certificate's revocation status could not be established.
*/
c3dDropUnknownOcspStatus?: pulumi.Input<string>;
/**
* Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
*/
c3dOcsp?: pulumi.Input<string>;
/**
* (Trusted Certificate Authorities) Specifies a client CA that the system trusts. The default is `None`.
*/
caFile?: pulumi.Input<string>;
/**
* Cache size (sessions).
*/
cacheSize?: pulumi.Input<number>;
/**
* Cache timeout.
*/
cacheTimeout?: pulumi.Input<number>;
/**
* Specifies the name of the certificate that the system uses for client-side SSL processing. The default is `default`.
*/
cert?: pulumi.Input<string>;
/**
* Cert extension includes for SSL forward proxy.
*/
certExtensionIncludes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* `certKeyChain` Specifies one or more certificates and keys to associate with the SSL profile.
* See the `ProfileClientSslCertKeyChain` type for the available fields.
*
* > **NOTE** `certKeyChain` is the recommended way of adding a cert-key-chain to the profile. If a `certKeyChain` block is provided, `cert`, `key` and `chain` should not be provided.
*/
certKeyChain?: pulumi.Input<inputs.ltm.ProfileClientSslCertKeyChain>;
/**
* Life span of the certificate in days for SSL forward proxy.
*/
certLifeSpan?: pulumi.Input<number>;
/**
* Cert lookup by IP address and port (enabled / disabled).
*/
certLookupByIpaddrPort?: pulumi.Input<string>;
/**
* Specifies a certificate chain file that a server can use for authentication. The default is `None`.
*/
chain?: pulumi.Input<string>;
/**
* Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument `ciphers`. The default value is `none`.
*/
cipherGroup?: pulumi.Input<string>;
/**
* BIG-IP cipher string. Mutually exclusive with `cipherGroup` (see that property).
* NOTE(review): this string decides which cipher suites clients may negotiate; review it against the TLS policy in force.
*/
ciphers?: pulumi.Input<string>;
/**
* (Advertised Certificate Authorities) Specifies the CAs that the system advertises to clients as being trusted by the profile. The default is `None`.
*/
clientCertCa?: pulumi.Input<string>;
/**
* Specifies the name of a file containing a list of revoked client certificates. The default is `None`.
*/
crlFile?: pulumi.Input<string>;
/**
* Parent profile for this clientssl profile. Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It should be a full path: `/partition/profile_name`.
*/
defaultsFrom?: pulumi.Input<string>;
/**
* Forward proxy bypass default action. (enabled / disabled)
*/
forwardProxyBypassDefaultAction?: pulumi.Input<string>;
/**
* Full path of the profile.
*/
fullPath?: pulumi.Input<string>;
/**
* Generation.
* NOTE(review): not described further in this file — presumably the generation counter reported by the BIG-IP for this object; confirm.
*/
generation?: pulumi.Input<number>;
/**
* Generic alerts enabled / disabled.
*/
genericAlert?: pulumi.Input<string>;
/**
* Handshake timeout (seconds).
*/
handshakeTimeout?: pulumi.Input<string>;
/**
* Inherit cert key chain.
*/
inheritCertKeychain?: pulumi.Input<string>;
/**
* Specifies the file name of the SSL key. The default is `default`.
*/
key?: pulumi.Input<string>;
/**
* ModSSL Methods enabled / disabled. Default is disabled.
*/
modSslMethods?: pulumi.Input<string>;
/**
* ModSSL Methods enabled / disabled. Default is disabled.
* NOTE(review): this description is identical to the one on `modSslMethods` and looks copied; confirm what `mode` controls against the provider documentation.
*/
mode?: pulumi.Input<string>;
/**
* Specifies the name of the profile. The name should be a full path, which is the combination of the `partition + profile name`, for example `/Common/test-clientssl-profile`.
* This is the only required argument.
*/
name: pulumi.Input<string>;
/**
* Specifies whether the system uses OCSP stapling. The default value is `disabled`.
*/
ocspStapling?: pulumi.Input<string>;
/**
* Name of the partition.
*/
partition?: pulumi.Input<string>;
/**
* Client Certificate Constrained Delegation CA passphrase.
* This is a credential: pass it as a Pulumi secret (for example `pulumi.secret(...)` or a secret config value), not as a plaintext literal in the program.
* NOTE(review): the field is typed as a plain string input, so whether the provider encrypts it in state cannot be confirmed from this file.
*/
passphrase?: pulumi.Input<string>;
/**
* Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
* NOTE(review): of the three values, only require is described as refusing clients that lack a valid certificate; use it where the client certificate is the access control.
*/
peerCertMode?: pulumi.Input<string>;
/**
* Proxy CA cert.
*/
proxyCaCert?: pulumi.Input<string>;
/**
* Proxy CA key.
* NOTE(review): if this holds key material rather than a reference to a key object on the BIG-IP, pass it as a Pulumi secret — confirm which.
*/
proxyCaKey?: pulumi.Input<string>;
/**
* Proxy CA passphrase.
* This is a credential: pass it as a Pulumi secret (for example `pulumi.secret(...)` or a secret config value), not as a plaintext literal in the program.
* NOTE(review): the field is typed as a plain string input, so whether the provider encrypts it in state cannot be confirmed from this file.
*/
proxyCaPassphrase?: pulumi.Input<string>;
/**
* Proxy SSL enabled / disabled. Default is disabled.
*/
proxySsl?: pulumi.Input<string>;
/**
* Proxy SSL passthrough enabled / disabled. Default is disabled.
*/
proxySslPassthrough?: pulumi.Input<string>;
/**
* Renegotiate period (seconds).
*/
renegotiatePeriod?: pulumi.Input<string>;
/**
* Renegotiate size.
*/
renegotiateSize?: pulumi.Input<string>;
/**
* Enables or disables SSL renegotiation. When creating a new profile, the setting is provided by the parent profile.
*/
renegotiation?: pulumi.Input<string>;
/**
* When `true`, the client certificate is retained in the SSL session.
*/
retainCertificate?: pulumi.Input<string>;
/**
* Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
* When `request` is set, the system requests secure renegotiation of SSL connections.
* `require` is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
* With the `require-strict` setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
*/
secureRenegotiation?: pulumi.Input<string>;
/**
* Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk `*` character.
*/
serverName?: pulumi.Input<string>;
/**
* Session Mirroring (enabled / disabled)
*/
sessionMirroring?: pulumi.Input<string>;
/**
* Session Ticket (enabled / disabled)
*/
sessionTicket?: pulumi.Input<string>;
/**
* Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support. When creating a new profile, the setting is provided by the parent profile.
* There can be only one SSL profile with this setting enabled.
*/
sniDefault?: pulumi.Input<string>;
/**
* Requires that the network peers also provide SNI support. This setting only takes effect when `sniDefault` is set to `true`. When creating a new profile, the setting is provided by the parent profile.
*/
sniRequire?: pulumi.Input<string>;
/**
* Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
*/
sslC3d?: pulumi.Input<string>;
/**
* Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
*/
sslForwardProxy?: pulumi.Input<string>;
/**
* Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
*/
sslForwardProxyBypass?: pulumi.Input<string>;
/**
* SSL sign hash (any, sha1, sha256, sha384).
* NOTE(review): SHA-1 is deprecated for signatures; prefer sha256 or sha384 unless a legacy client requires otherwise.
*/
sslSignHash?: pulumi.Input<string>;
/**
* Enables or disables the resumption of SSL sessions after an unclean shutdown. When creating a new profile, the setting is provided by the parent profile.
*/
strictResume?: pulumi.Input<string>;
/**
* List of enabled selections from a set of industry standard options for handling SSL processing. By default,
* Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions = ["dont-insert-empty-fragments","no-tlsv1.3"]
* NOTE(review): the documented default includes `no-tlsv1.3`, which appears to leave TLS 1.3 disabled unless this list is overridden — confirm.
*/
tmOptions?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Unclean Shutdown (enabled / disabled)
*/
uncleanShutdown?: pulumi.Input<string>;
}