ProfileServerSsl
f5bigip.ltm.ProfileServerSsl Manages server SSL profiles on a BIG-IP
Example Usage
using Pulumi;
using F5BigIP = Pulumi.F5BigIP;
class MyStack : Stack
{
public MyStack()
{
var test_ServerSsl = new F5BigIP.Ltm.ProfileServerSsl("test-ServerSsl", new F5BigIP.Ltm.ProfileServerSslArgs
{
Authenticate = "always",
Ciphers = "DEFAULT",
DefaultsFrom = "/Common/serverssl",
Name = "/Common/test-ServerSsl",
Partition = "Common",
});
}
}
Coming soon!
import pulumi
import pulumi_f5bigip as f5bigip
test__server_ssl = f5bigip.ltm.ProfileServerSsl("test-ServerSsl",
authenticate="always",
ciphers="DEFAULT",
defaults_from="/Common/serverssl",
name="/Common/test-ServerSsl",
partition="Common")import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";
const test_ServerSsl = new f5bigip.ltm.ProfileServerSsl("test-ServerSsl", {
authenticate: "always",
ciphers: "DEFAULT",
defaultsFrom: "/Common/serverssl",
name: "/Common/test-ServerSsl",
partition: "Common",
});Create a ProfileServerSsl Resource
new ProfileServerSsl(name: string, args: ProfileServerSslArgs, opts?: CustomResourceOptions);def ProfileServerSsl(resource_name, opts=None, alert_timeout=None, authenticate=None, authenticate_depth=None, ca_file=None, cache_size=None, cache_timeout=None, cert=None, chain=None, ciphers=None, defaults_from=None, expire_cert_response_control=None, full_path=None, generation=None, generic_alert=None, handshake_timeout=None, key=None, mod_ssl_methods=None, mode=None, name=None, partition=None, passphrase=None, peer_cert_mode=None, proxy_ssl=None, renegotiate_period=None, renegotiate_size=None, renegotiation=None, retain_certificate=None, secure_renegotiation=None, server_name=None, session_mirroring=None, session_ticket=None, sni_default=None, sni_require=None, ssl_forward_proxy=None, ssl_forward_proxy_bypass=None, ssl_sign_hash=None, strict_resume=None, tm_options=None, unclean_shutdown=None, untrusted_cert_response_control=None, __props__=None);func NewProfileServerSsl(ctx *Context, name string, args ProfileServerSslArgs, opts ...ResourceOption) (*ProfileServerSsl, error)public ProfileServerSsl(string name, ProfileServerSslArgs args, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args ProfileServerSslArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProfileServerSslArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProfileServerSslArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
ProfileServerSsl Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The ProfileServerSsl resource accepts the following input properties:
- Name string
Specifies the name of the profile. (type
string)- Alert
Timeout string Alert time out
- Authenticate string
Server authentication once / always (default is once).
- Authenticate
Depth int Client certificate chain traversal depth. Default 9.
- Ca
File string Client certificate file path. Default None.
- Cache
Size int Cache size (sessions).
- Cache
Timeout int Cache time out
- Cert string
Specifies the name of the certificate that the system uses for server-side SSL processing.
- Chain string
Specifies the certificates-key chain to associate with the SSL profile
- Ciphers string
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- Defaults
From string The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- Expire
Cert stringResponse Control Response if the cert is expired (drop / ignore).
- Full
Path string full path of the profile
- Generation int
generation
- Generic
Alert string Generic alerts enabled / disabled.
- Handshake
Timeout string Handshake time out (seconds)
- Key string
Specifies the file name of the SSL key.
- Mod
Ssl stringMethods ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
ModSSL Methods enabled / disabled. Default is disabled.
- Partition string
Device partition to manage resources on.
- Passphrase string
Client Certificate Constrained Delegation CA passphrase
- Peer
Cert stringMode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- Proxy
Ssl string Proxy SSL enabled / disabled. Default is disabled.
- Renegotiate
Period string Renogotiate Period (seconds)
- Renegotiate
Size string Renogotiate Size
- Renegotiation string
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- Retain
Certificate string When
true, client certificate is retained in SSL session.- Secure
Renegotiation string Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- Server
Name string Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- Session
Mirroring string Session Mirroring (enabled / disabled)
- Session
Ticket string Session Ticket (enabled / disabled)
- Sni
Default string Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- Sni
Require string Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- Ssl
Forward stringProxy SSL forward Proxy (enabled / disabled)
- Ssl
Forward stringProxy Bypass SSL forward Proxy Bypass (enabled / disabled)
- Ssl
Sign stringHash SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- Tm
Options List<string> - Unclean
Shutdown string Unclean Shutdown (enabled / disabled)
- Untrusted
Cert stringResponse Control Unclean Shutdown (drop / ignore)
- Name string
Specifies the name of the profile. (type
string)- Alert
Timeout string Alert time out
- Authenticate string
Server authentication once / always (default is once).
- Authenticate
Depth int Client certificate chain traversal depth. Default 9.
- Ca
File string Client certificate file path. Default None.
- Cache
Size int Cache size (sessions).
- Cache
Timeout int Cache time out
- Cert string
Specifies the name of the certificate that the system uses for server-side SSL processing.
- Chain string
Specifies the certificates-key chain to associate with the SSL profile
- Ciphers string
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- Defaults
From string The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- Expire
Cert stringResponse Control Response if the cert is expired (drop / ignore).
- Full
Path string full path of the profile
- Generation int
generation
- Generic
Alert string Generic alerts enabled / disabled.
- Handshake
Timeout string Handshake time out (seconds)
- Key string
Specifies the file name of the SSL key.
- Mod
Ssl stringMethods ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
ModSSL Methods enabled / disabled. Default is disabled.
- Partition string
Device partition to manage resources on.
- Passphrase string
Client Certificate Constrained Delegation CA passphrase
- Peer
Cert stringMode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- Proxy
Ssl string Proxy SSL enabled / disabled. Default is disabled.
- Renegotiate
Period string Renogotiate Period (seconds)
- Renegotiate
Size string Renogotiate Size
- Renegotiation string
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- Retain
Certificate string When
true, client certificate is retained in SSL session.- Secure
Renegotiation string Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- Server
Name string Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- Session
Mirroring string Session Mirroring (enabled / disabled)
- Session
Ticket string Session Ticket (enabled / disabled)
- Sni
Default string Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- Sni
Require string Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- Ssl
Forward stringProxy SSL forward Proxy (enabled / disabled)
- Ssl
Forward stringProxy Bypass SSL forward Proxy Bypass (enabled / disabled)
- Ssl
Sign stringHash SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- Tm
Options []string - Unclean
Shutdown string Unclean Shutdown (enabled / disabled)
- Untrusted
Cert stringResponse Control Unclean Shutdown (drop / ignore)
- name string
Specifies the name of the profile. (type
string)- alert
Timeout string Alert time out
- authenticate string
Server authentication once / always (default is once).
- authenticate
Depth number Client certificate chain traversal depth. Default 9.
- ca
File string Client certificate file path. Default None.
- cache
Size number Cache size (sessions).
- cache
Timeout number Cache time out
- cert string
Specifies the name of the certificate that the system uses for server-side SSL processing.
- chain string
Specifies the certificates-key chain to associate with the SSL profile
- ciphers string
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- defaults
From string The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- expire
Cert stringResponse Control Response if the cert is expired (drop / ignore).
- full
Path string full path of the profile
- generation number
generation
- generic
Alert string Generic alerts enabled / disabled.
- handshake
Timeout string Handshake time out (seconds)
- key string
Specifies the file name of the SSL key.
- mod
Ssl stringMethods ModSSL Methods enabled / disabled. Default is disabled.
- mode string
ModSSL Methods enabled / disabled. Default is disabled.
- partition string
Device partition to manage resources on.
- passphrase string
Client Certificate Constrained Delegation CA passphrase
- peer
Cert stringMode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- proxy
Ssl string Proxy SSL enabled / disabled. Default is disabled.
- renegotiate
Period string Renogotiate Period (seconds)
- renegotiate
Size string Renogotiate Size
- renegotiation string
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain
Certificate string When
true, client certificate is retained in SSL session.- secure
Renegotiation string Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- server
Name string Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- session
Mirroring string Session Mirroring (enabled / disabled)
- session
Ticket string Session Ticket (enabled / disabled)
- sni
Default string Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni
Require string Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- ssl
Forward stringProxy SSL forward Proxy (enabled / disabled)
- ssl
Forward stringProxy Bypass SSL forward Proxy Bypass (enabled / disabled)
- ssl
Sign stringHash SSL sign hash (any, sha1, sha256, sha384)
- strict
Resume string Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm
Options string[] - unclean
Shutdown string Unclean Shutdown (enabled / disabled)
- untrusted
Cert stringResponse Control Unclean Shutdown (drop / ignore)
- name str
Specifies the name of the profile. (type
string)- alert_
timeout str Alert time out
- authenticate str
Server authentication once / always (default is once).
- authenticate_
depth float Client certificate chain traversal depth. Default 9.
- ca_
file str Client certificate file path. Default None.
- cache_
size float Cache size (sessions).
- cache_
timeout float Cache time out
- cert str
Specifies the name of the certificate that the system uses for server-side SSL processing.
- chain str
Specifies the certificates-key chain to associate with the SSL profile
- ciphers str
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- defaults_
from str The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- expire_
cert_ strresponse_ control Response if the cert is expired (drop / ignore).
- full_
path str full path of the profile
- generation float
generation
- generic_
alert str Generic alerts enabled / disabled.
- handshake_
timeout str Handshake time out (seconds)
- key str
Specifies the file name of the SSL key.
- mod_
ssl_ strmethods ModSSL Methods enabled / disabled. Default is disabled.
- mode str
ModSSL Methods enabled / disabled. Default is disabled.
- partition str
Device partition to manage resources on.
- passphrase str
Client Certificate Constrained Delegation CA passphrase
- peer_
cert_ strmode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- proxy_
ssl str Proxy SSL enabled / disabled. Default is disabled.
- renegotiate_
period str Renogotiate Period (seconds)
- renegotiate_
size str Renogotiate Size
- renegotiation str
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain_
certificate str When
true, client certificate is retained in SSL session.- secure_
renegotiation str Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- server_
name str Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- session_
mirroring str Session Mirroring (enabled / disabled)
- session_
ticket str Session Ticket (enabled / disabled)
- sni_
default str Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni_
require str Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- ssl_
forward_ strproxy SSL forward Proxy (enabled / disabled)
- ssl_
forward_ strproxy_ bypass SSL forward Proxy Bypass (enabled / disabled)
- ssl_
sign_ strhash SSL sign hash (any, sha1, sha256, sha384)
- strict_
resume str Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm_
options List[str] - unclean_
shutdown str Unclean Shutdown (enabled / disabled)
- untrusted_
cert_ strresponse_ control Unclean Shutdown (drop / ignore)
Outputs
All input properties are implicitly available as output properties. Additionally, the ProfileServerSsl resource produces the following output properties:
Look up an Existing ProfileServerSsl Resource
Get an existing ProfileServerSsl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProfileServerSslState, opts?: CustomResourceOptions): ProfileServerSslstatic get(resource_name, id, opts=None, alert_timeout=None, authenticate=None, authenticate_depth=None, ca_file=None, cache_size=None, cache_timeout=None, cert=None, chain=None, ciphers=None, defaults_from=None, expire_cert_response_control=None, full_path=None, generation=None, generic_alert=None, handshake_timeout=None, key=None, mod_ssl_methods=None, mode=None, name=None, partition=None, passphrase=None, peer_cert_mode=None, proxy_ssl=None, renegotiate_period=None, renegotiate_size=None, renegotiation=None, retain_certificate=None, secure_renegotiation=None, server_name=None, session_mirroring=None, session_ticket=None, sni_default=None, sni_require=None, ssl_forward_proxy=None, ssl_forward_proxy_bypass=None, ssl_sign_hash=None, strict_resume=None, tm_options=None, unclean_shutdown=None, untrusted_cert_response_control=None, __props__=None);func GetProfileServerSsl(ctx *Context, name string, id IDInput, state *ProfileServerSslState, opts ...ResourceOption) (*ProfileServerSsl, error)public static ProfileServerSsl Get(string name, Input<string> id, ProfileServerSslState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Alert
Timeout string Alert time out
- Authenticate string
Server authentication once / always (default is once).
- Authenticate
Depth int Client certificate chain traversal depth. Default 9.
- Ca
File string Client certificate file path. Default None.
- Cache
Size int Cache size (sessions).
- Cache
Timeout int Cache time out
- Cert string
Specifies the name of the certificate that the system uses for server-side SSL processing.
- Chain string
Specifies the certificates-key chain to associate with the SSL profile
- Ciphers string
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- Defaults
From string The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- Expire
Cert stringResponse Control Response if the cert is expired (drop / ignore).
- Full
Path string full path of the profile
- Generation int
generation
- Generic
Alert string Generic alerts enabled / disabled.
- Handshake
Timeout string Handshake time out (seconds)
- Key string
Specifies the file name of the SSL key.
- Mod
Ssl stringMethods ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
ModSSL Methods enabled / disabled. Default is disabled.
- Name string
Specifies the name of the profile. (type
string)- Partition string
Device partition to manage resources on.
- Passphrase string
Client Certificate Constrained Delegation CA passphrase
- Peer
Cert stringMode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- Proxy
Ssl string Proxy SSL enabled / disabled. Default is disabled.
- Renegotiate
Period string Renogotiate Period (seconds)
- Renegotiate
Size string Renogotiate Size
- Renegotiation string
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- Retain
Certificate string When
true, client certificate is retained in SSL session.- Secure
Renegotiation string Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- Server
Name string Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- Session
Mirroring string Session Mirroring (enabled / disabled)
- Session
Ticket string Session Ticket (enabled / disabled)
- Sni
Default string Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- Sni
Require string Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- Ssl
Forward stringProxy SSL forward Proxy (enabled / disabled)
- Ssl
Forward stringProxy Bypass SSL forward Proxy Bypass (enabled / disabled)
- Ssl
Sign stringHash SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- Tm
Options List<string> - Unclean
Shutdown string Unclean Shutdown (enabled / disabled)
- Untrusted
Cert stringResponse Control Unclean Shutdown (drop / ignore)
- Alert
Timeout string Alert time out
- Authenticate string
Server authentication once / always (default is once).
- Authenticate
Depth int Client certificate chain traversal depth. Default 9.
- Ca
File string Client certificate file path. Default None.
- Cache
Size int Cache size (sessions).
- Cache
Timeout int Cache time out
- Cert string
Specifies the name of the certificate that the system uses for server-side SSL processing.
- Chain string
Specifies the certificates-key chain to associate with the SSL profile
- Ciphers string
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- Defaults
From string The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- Expire
Cert stringResponse Control Response if the cert is expired (drop / ignore).
- Full
Path string full path of the profile
- Generation int
generation
- Generic
Alert string Generic alerts enabled / disabled.
- Handshake
Timeout string Handshake time out (seconds)
- Key string
Specifies the file name of the SSL key.
- Mod
Ssl stringMethods ModSSL Methods enabled / disabled. Default is disabled.
- Mode string
ModSSL Methods enabled / disabled. Default is disabled.
- Name string
Specifies the name of the profile. (type
string)- Partition string
Device partition to manage resources on.
- Passphrase string
Client Certificate Constrained Delegation CA passphrase
- Peer
Cert stringMode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- Proxy
Ssl string Proxy SSL enabled / disabled. Default is disabled.
- Renegotiate
Period string Renogotiate Period (seconds)
- Renegotiate
Size string Renogotiate Size
- Renegotiation string
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- Retain
Certificate string When
true, client certificate is retained in SSL session.- Secure
Renegotiation string Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- Server
Name string Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- Session
Mirroring string Session Mirroring (enabled / disabled)
- Session
Ticket string Session Ticket (enabled / disabled)
- Sni
Default string Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- Sni
Require string Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- Ssl
Forward stringProxy SSL forward Proxy (enabled / disabled)
- Ssl
Forward stringProxy Bypass SSL forward Proxy Bypass (enabled / disabled)
- Ssl
Sign stringHash SSL sign hash (any, sha1, sha256, sha384)
- Strict
Resume string Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- Tm
Options []string - Unclean
Shutdown string Unclean Shutdown (enabled / disabled)
- Untrusted
Cert stringResponse Control Unclean Shutdown (drop / ignore)
- alert
Timeout string Alert time out
- authenticate string
Server authentication once / always (default is once).
- authenticate
Depth number Client certificate chain traversal depth. Default 9.
- ca
File string Client certificate file path. Default None.
- cache
Size number Cache size (sessions).
- cache
Timeout number Cache time out
- cert string
Specifies the name of the certificate that the system uses for server-side SSL processing.
- chain string
Specifies the certificates-key chain to associate with the SSL profile
- ciphers string
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- defaults
From string The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- expire
Cert stringResponse Control Response if the cert is expired (drop / ignore).
- full
Path string full path of the profile
- generation number
generation
- generic
Alert string Generic alerts enabled / disabled.
- handshake
Timeout string Handshake time out (seconds)
- key string
Specifies the file name of the SSL key.
- mod
Ssl stringMethods ModSSL Methods enabled / disabled. Default is disabled.
- mode string
ModSSL Methods enabled / disabled. Default is disabled.
- name string
Specifies the name of the profile. (type
string)- partition string
Device partition to manage resources on.
- passphrase string
Client Certificate Constrained Delegation CA passphrase
- peer
Cert stringMode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- proxy
Ssl string Proxy SSL enabled / disabled. Default is disabled.
- renegotiate
Period string Renogotiate Period (seconds)
- renegotiate
Size string Renogotiate Size
- renegotiation string
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain
Certificate string When
true, client certificate is retained in SSL session.- secure
Renegotiation string Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- server
Name string Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- session
Mirroring string Session Mirroring (enabled / disabled)
- session
Ticket string Session Ticket (enabled / disabled)
- sni
Default string Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni
Require string Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- ssl
Forward stringProxy SSL forward Proxy (enabled / disabled)
- ssl
Forward stringProxy Bypass SSL forward Proxy Bypass (enabled / disabled)
- ssl
Sign stringHash SSL sign hash (any, sha1, sha256, sha384)
- strict
Resume string Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm
Options string[] - unclean
Shutdown string Unclean Shutdown (enabled / disabled)
- untrusted
Cert stringResponse Control Unclean Shutdown (drop / ignore)
- alert_
timeout str Alert time out
- authenticate str
Server authentication once / always (default is once).
- authenticate_
depth float Client certificate chain traversal depth. Default 9.
- ca_
file str Client certificate file path. Default None.
- cache_
size float Cache size (sessions).
- cache_
timeout float Cache time out
- cert str
Specifies the name of the certificate that the system uses for server-side SSL processing.
- chain str
Specifies the certificates-key chain to associate with the SSL profile
- ciphers str
Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
- defaults_
from str The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is
/Common/serverssl.- expire_
cert_ strresponse_ control Response if the cert is expired (drop / ignore).
- full_
path str full path of the profile
- generation float
generation
- generic_
alert str Generic alerts enabled / disabled.
- handshake_
timeout str Handshake time out (seconds)
- key str
Specifies the file name of the SSL key.
- mod_
ssl_ strmethods ModSSL Methods enabled / disabled. Default is disabled.
- mode str
ModSSL Methods enabled / disabled. Default is disabled.
- name str
Specifies the name of the profile. (type
string)- partition str
Device partition to manage resources on.
- passphrase str
Client Certificate Constrained Delegation CA passphrase
- peer_
cert_ strmode Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
- proxy_
ssl str Proxy SSL enabled / disabled. Default is disabled.
- renegotiate_
period str Renogotiate Period (seconds)
- renegotiate_
size str Renogotiate Size
- renegotiation str
Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
- retain_
certificate str When
true, client certificate is retained in SSL session.- secure_
renegotiation str Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When
requestis set the system request secure renegotation of SSL connections.requireis a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. Therequire-strictsetting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers- server_
name str Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk
*character.- session_
mirroring str Session Mirroring (enabled / disabled)
- session_
ticket str Session Ticket (enabled / disabled)
- sni_
default str Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
- sni_
require str Requires that the network peers also provide SNI support, this setting only takes effect when
sni_defaultis set totrue.When creating a new profile, the setting is provided by the parent profile- ssl_
forward_ strproxy SSL forward Proxy (enabled / disabled)
- ssl_
forward_ strproxy_ bypass SSL forward Proxy Bypass (enabled / disabled)
- ssl_
sign_ strhash SSL sign hash (any, sha1, sha256, sha384)
- strict_
resume str Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
- tm_
options List[str] - unclean_
shutdown str Unclean Shutdown (enabled / disabled)
- untrusted_
cert_ strresponse_ control Unclean Shutdown (drop / ignore)
Package Details
- Repository
- https://github.com/pulumi/pulumi-f5bigip
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
bigipTerraform Provider.