LocalLB::ProfileClientSSL¶
Introduced : BIG-IP_v9.0
The ProfileClientSSL interface enables you to manipulate a local load
balancer&aposs client SSL profile.
Methods¶
| Method | Description | Introduced |
| add_certificate_key_chain | Adds certificate-key-chain objects to a client SSL profile. | BIG-IP_v11.5.0 |
| create | Certificates and keys are officially managed as certificate and certificate key file objects via the create_v2 method and the Management::KeyCertificate interface. Thus this method has been deprecated. Creates the specified client SSL profiles, using key and certificate file objects. Starting in v11.5.0, for adding or modifying DSA or ECDSA keys and certificates, please use the add_certificate_key_chain, or the set_certificate_key_chain method. The key and certificate input parameters in this method should be used for setting RSA keys and certificates only. The default flag merely indicates if the key and/or certificate have to be set to the values that are set in the RSA certificate-key-chain object in the pre-defined &aposclientssl&apos profile. | BIG-IP_v9.0 |
| create_v2 | Creates the specified client SSL profiles, using key and certificate file object names. Certificate and key file objects are managed by the Management::KeyCertificate interface. Starting in v11.5.0, for adding or modifying DSA or ECDSA keys and certificates, please use the add_certificate_key_chain, or the set_certificate_key_chain method. The key and certificate input parameters in this method should be used for setting RSA keys and certificates only. The default flag merely indicates if the key and/or certificate have to be set to the values that are set in the RSA certificate-key-chain object in the pre-defined &aposclientssl&apos profile. | BIG-IP_v11.0.0 |
| delete_all_profiles | Deletes all client SSL profiles. | BIG-IP_v9.0 |
| delete_profile | Deletes the specified client SSL profiles. | BIG-IP_v9.0 |
| get_alert_timeout | Gets the connection timeouts (in seconds) after sending an alert for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_all_statistics | Gets the statistics for all the client SSL profiles. | BIG-IP_v9.0 |
| get_allow_dynamic_record_sizing_state | Gets the states to indicate whether to allow dynamic record sizing. | BIG-IP_v12.1.0 |
| get_allow_expired_crl_state | Gets the states to allow using an expired CRL file. | system-IP_v12.0.0 |
| get_allow_nonssl_state | Gets the states to indicate whether to allow non-SSL connections to pass through as cleartext. | BIG-IP_v9.0 |
| get_authenticate_depth | Gets the client certificate chain maximum traversal depth for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_authenticate_once_state | Gets the states to request the client certificate once for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_bypass_on_failed_client_certificate_state | Gets the bypass_on_fail_client_certificate state for the specified client SSL profiles. | BIG-IP_v13.0.0 |
| get_bypass_on_handshake_alert_state | Gets the bypass_on_handshake_alert state for the specified client SSL profiles. | BIG-IP_v13.0.0 |
| get_ca_file | Certificate files are officially managed as certificate file objects via the get_ca_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the CA file object names for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_ca_file_v2 | Gets the certificate file object names for the certificate authority files for the specified client SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_cache_size | Gets the SSL session cache sizes for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_cache_timeout | Gets the SSL session cache timeouts for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_certificate_file | Certificate files are officially managed as certificate file objects via the get_certificate_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Starting in v11.5.0, this method will get the RSA certificate associated with the RSA certificate-key-chain object in the profile. For certificates in other certificate-key-chain objects, please use the get_certificate_key_chain_certificate_file method. Gets the certificate file object names to be used by BIG-IP acting as an SSL server. | BIG-IP_v9.0 |
| get_certificate_file_v2 | Gets the certificate file object names to be used by BIG-IP acting as an SSL server. Certificate file objects are managed by the Management::KeyCertificate interface. Starting in v11.5.0, this method will get the RSA certificate associated with the RSA certificate-key-chain object in the profile. For certificates in other certificate-key-chain objects, please use the get_certificate_key_chain_certificate_file method. | BIG-IP_v9.0 |
| get_certificate_key_chain | Gets the names of the certificate-key-chain objects in a client SSL profile. | BIG-IP_v11.5.0 |
| get_certificate_key_chain_certificate_file | Gets the file object name of the certificate in a certificate-key-chain a client SSL profile. | BIG-IP_v11.5.0 |
| get_certificate_key_chain_chain_file | Gets the file object name of the chain certificate in a certificate-key-chain object in a client SSL profile. | BIG-IP_v11.5.0 |
| get_certificate_key_chain_key_file | Gets the file object name of the key in a certificate-key-chain object in a client SSL profile. | BIG-IP_v11.5.0 |
| get_certificate_key_chain_ocsp_stapling_parameters | This method has been deprecated as of v13.0.0. Deprecation note: The attribute OCSP stapling parameters of certificate-key-chain is no longer used in v13.0.0. If the user tries to get this value via old TMSH or iControl calls, it will return empty strings. Gets the name of the OCSP stapling parameters object in a certificate-key-chain object. | BIG-IP_v11.6.0 |
| get_chain_file | Certificate files are officially managed as certificate file objects via the get_chain_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the certificate chain file object names for the specified client SSL profiles. Starting in v11.5.0, this method will get the name of the chain certificate associated with the RSA certificate-key chain object. For getting the names of the chain certificates associated with other certificate-key-chain objects, please use the get_certificate_key_chain_chain_file method. | BIG-IP_v9.0 |
| get_chain_file_v2 | Gets the certificate file object names for the chain certificate files for the specified client SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. Starting in v11.5.0, this method will get the name of the chain certificate associated with the RSA certificate-key-chain object. For getting the names of the chain certificates associated with other certificate-key-chain objects, please use the get_certificate_key_chain_chain_file method. | BIG-IP_v11.0.0 |
| get_cipher_list | Gets the cipher lists for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_client_certificate_ca_file | Certificate files are officially managed as certificate file objects via the get_client_certificate_ca_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the client certificate CA file object names for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_client_certificate_ca_file_v2 | Gets the certificate file object names for the client certificate authority files for the specified client SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_crl_file | Certificate revocation list files are officially managed as certificate revocation list file objects via the get_crl_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the CRL file object names for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_crl_file_v2 | Gets the certificate revocation list file object names for the specified client SSL profiles. Certificate revocation list file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_default_profile | Gets the names of the default profiles from which the specified profiles will derive default values for its attributes. | BIG-IP_v9.0 |
| get_description | Gets the descriptions for a set of client SSL profiles. | BIG-IP_v11.0.0 |
| get_forward_proxy_bypass_default_action | Gets the SSL forward proxy bypass default action for the specified client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_bypass_destination_ip_black_list | Gets the SSL forward proxy bypass Destination IP Blacklist to be used by BIG-IP as a policy list to intercept traffic for client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_bypass_destination_ip_white_list | Gets the SSL forward proxy bypass Destination IP whitelist to be used by BIG-IP as a policy list to bypass traffic for client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_bypass_hostname_black_list | Gets the SSL forward proxy bypass Hostname Blacklist to be used by BIG-IP as a policy list to intercept traffic for client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_bypass_hostname_white_list | Gets the SSL forward proxy bypass Hostname Whitelist to be used by BIG-IP as a policy list to bypass traffic for client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_bypass_source_ip_black_list | Gets the SSL forward proxy bypass Source IP Blacklist to be used by BIG-IP as a policy list to intercept traffic for client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_bypass_source_ip_white_list | Gets the SSL forward proxy bypass Source IP Whitelist to be used by BIG-IP as a policy list to bypass traffic for client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_bypass_state | Gets the SSL forward proxy bypass enabled states for the specified client SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_ca_certificate_file | Gets the SSL forward proxy CA certificate file object names to be used by BIG-IP acting as an SSL forward proxy server. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.3.0 |
| get_forward_proxy_ca_key_file | Gets the names of the SSL forward proxy CA certificate key file objects used by BIG-IP acting as an SSL forward proxy server for a set of client SSL profiles. Certificate key file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.3.0 |
| get_forward_proxy_ca_passphrase | Gets the SSL forward proxy CA key passphrases (if any) for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| get_forward_proxy_certificate_extension_include | Gets the extensions to be included in the SSL forward proxy generated certificates for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| get_forward_proxy_certificate_lifespan | Gets the SSL forward proxy generated certificate lifespans for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| get_forward_proxy_enabled_state | Gets the SSL forward proxy enabled states for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| get_forward_proxy_lookup_by_ipaddr_port_state | Gets the SSL forward proxy certificate cache by IPAddr-Port enabled states for the specified client SSL profiles. | BIG-IP_v11.4.0 |
| get_generic_alert_state | Gets the states to enforce to use generic alert number in Alert message when sending Alert message. | BIG-IP_v11.5.0 |
| get_handshake_timeout | Gets the connection timeouts (in seconds) during handshake phase for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_inherit_certkeychain_state | Gets the inherit-certificate-key-chain states for the specified client SSL profiles that are used to indicate whether the profiles&aposs certificate-key-chains are inherited and changed along with their parents&apos profiles&apos certificate-key-chains. There will not be a set method for setting the inherit-certificate-key-chain state. The inherit-certificate-key-chain state will be set to true when a client SSL profile is created and will be set to false when the certificate-key-chain of the profile is explicitly set. | BIG-IP_v12.0.0 |
| get_key_file | Certificate keys are officially managed as certificate key file objects via the get_key_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the full path to the key file used by BIG-IP acting as an SSL server. Starting in v11.5.0, this method will get the RSA key associated with the RSA certificate-key-chain object in the profile. For keys in other certificate-key-chain objects, please use the get_certificate_key_chain_key_file method. | BIG-IP_v9.0 |
| get_key_file_v2 | Gets the names of the certificate key file objects used by BIG-IP acting as an SSL server for a set of client SSL profiles. Certificate key file objects are managed by the Management::KeyCertificate interface. Starting in v11.5.0, this method will get the RSA key associated with the RSA certificate-key-chain object in the profile. For keys in other certificate-key-chain objects, please use the get_certificate_key_chain_key_file method. | BIG-IP_v9.0 |
| get_list | Gets a list of all client SSL profiles. | BIG-IP_v9.0 |
| get_maximum_active_handshakes | Gets the per-profile maximum number of outstanding SSL handshakes for the specified client SSL profiles. | BIG-IP_v12.1.0 |
| get_maximum_record_size | Gets the maximum SSL record size values. | BIG-IP_v12.1.0 |
| get_modssl_emulation_state | Gets the states to emulate modSSL for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_notify_certificate_status_to_virtual_server_state | Gets the notify-certificate-status-to-virtual-server enabled states for the specified client SSL profiles that are used to indicate whether the status of the certificats are propagated to the virtual server. | BIG-IP_v13.0.0 |
| get_ocsp_stapling_state | Gets the OCSP stapling enabled states for the specified client SSL profiles that are used to indicate whether the OCSP stapling feature is in effect for stapling the OCSP responses of the certificates in the TLS/SSL handshakes when the TLS/SSL clients request for it. | BIG-IP_v13.0.0 |
| get_passphrase | Gets the key passphrases (if any) for the specified client SSL profiles. Starting in v11.5.0, this method will get the passphrase corresponding to the RSA certificate-key-chain object. The user should not rely on the &aposdefault_flag&apos in the returned sequence of passphrases. | BIG-IP_v9.0 |
| get_peer_certification_mode | Gets the peer certification modes for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_peer_no_renegotiate_timeout | Gets the timeouts (in seconds) that the system will wait for a client hello message before sending a fatal alert. | BIG-IP_v11.6.0 |
| get_profile_mode | Gets the modes for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_proxy_ssl_passthrough_state | Gets the proxy SSL passthrough states for the specified client SSL profiles. | BIG-IP_v11.6.0 |
| get_proxy_ssl_state | Gets the proxy SSL states for the specified client SSL profiles. | BIG-IP_v11.6.0 |
| get_renegotiation_maximum_record_delay | Gets the SSL renegotiation maximum record delay for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_renegotiation_period | Gets the SSL renegotiation periods for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_renegotiation_state | Gets the states controlling whether mid-stream renegotiation is allowed for the specified client SSL profiles. | BIG-IP_v10.1.0 |
| get_renegotiation_throughput | Gets the SSL renegotiation throughputs for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_retain_certificate_state | Gets the certificate retention state for the specified client SSL profiles. | BIG-IP_v11.4.0 |
| get_secure_renegotiation_mode | Gets the secure renegotiation mode for the specified client SSL profiles. See SecureRenegotiationMode for more details. | BIG-IP_v10.2.3 |
| get_server_name | Gets the SNI server names (if any) for the specified client SSL profiles. | BIG-IP_v11.1.0 |
| get_session_mirroring_state | Gets the states to enable using session mirroring for the specified client SSL profiles. | BIG-IP_v11.6.0 |
| get_session_ticket_state | Gets the states to enforce to use session ticket per RFC 5077 for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| get_session_ticket_timeout | Gets the SSL session ticket timeouts (in seconds) which determines the lifetime of the session ticket for the specified client SSL profiles. | BIG-IP_v12.0.0 |
| get_sni_default_state | Gets the SNI default states for the specified client SSL profiles. | BIG-IP_v11.1.0 |
| get_sni_require_state | Gets the SNI require states for the specified client SSL profiles. | BIG-IP_v11.1.0 |
| get_ssl_maximum_aggregate_renegotiations_per_minute | Gets the per-profile maximum number of aggregate renegotiation attempts allowed within a minute for the specified client SSL profiles. 0 means that the feature is disabled. | BIG-IP_v12.0.0 |
| get_ssl_maximum_renegotiations_per_minute | Gets the maximum number of renegotiation attempts allowed within a minute for the specified client SSL profiles. | BIG-IP_v11.6.0 |
| get_ssl_option | Gets the SSL options for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_ssl_sign_hash | Gets the SSL sign hash algorithm to sign and verify SSL Server Key Exchange and Certificate Verify messages with for the specified SSL profiles. | BIG-IP_v9.0 |
| get_statistics | Gets the statistics for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_statistics_by_virtual | Gets the statistics for the specified profiles, by virtual server. | BIG-IP_v11.0.0 |
| get_strict_resume_state | Gets the states to enforce strict SSL session resumption per RFC2246 for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_unclean_shutdown_state | Gets the states to do an unclean shutdown for the specified client SSL profiles. | BIG-IP_v9.0 |
| get_version | Gets the version information for this interface. | BIG-IP_v9.0 |
| is_base_profile | Determines whether the specified client SSL profiles are base profiles. A base profile sits at the base of the profile&aposs inheritance tree, supplying the defaults for every profile derived from it. (See also is_system_profile). | BIG-IP_v9.0 |
| is_system_profile | Determines whether the specified client SSL profiles are system profiles. A system profile is a profile pre-configured on the system, ready for use. Non-system profiles are profiles created or modified by a user. Note that if a system profile is modified, it is no longer considered a system profile. (See also is_base_profile). | BIG-IP_v11.0.0 |
| remove_certificate_key_chain | Removes certificate-key-chain objects from a client SSL profile. It should be noted that a client SSL profile should always have an RSA certificate-key-chain object. If you attempt to remove the RSA certificate-key-chain object, the system will throw an exception. | BIG-IP_v11.5.0 |
| reset_statistics | Resets the statistics for the specified client SSL profiles. | BIG-IP_v9.0 |
| reset_statistics_by_virtual | Resets the statistics for the specified profiles, for specified virtual servers. | BIG-IP_v11.0.0 |
| set_alert_timeout | Sets the connection timeouts (in seconds) after sending an alert for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_allow_dynamic_record_sizing_state | Sets the states to indicate whether to allow dynamic record sizing. With dynamic record sizing, the first record sent will fit within the TCP MSS. The record sizes will then increase over time until the configured maximum is reached. It has been found that certain protocols, notably HTTP, show better client response times using this method. | BIG-IP_v12.1.0 |
| set_allow_expired_crl_state | Sets the states to allow using an expired CRL file. If the state is enabled, use the CRL file even if it has expired. | system-IP_v12.0.0 |
| set_allow_nonssl_state | Sets the states to indicate whether to allow non-SSL connections to pass through as cleartext. | BIG-IP_v9.0 |
| set_authenticate_depth | Sets the client certificate chain maximum traversal depth for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_authenticate_once_state | Sets the states to request the client certificate once for the specified client SSL profiles. If the state is false/disabled, client certificate is requested for each SSL session renegotiation. | BIG-IP_v9.0 |
| set_bypass_on_failed_client_certificate_state | Sets the SSL forward proxy bypass_on_failed_client_certificate state for the specified client SSL profiles. When this is enabled, the SSL forward proxy traffic will bypass the system if ServerSSL receives the Certificate Request message in the virtual servers that use this profile, but system is not configured to have the corresponding Client Certificate. The default value is disabled. | BIG-IP_v13.0.0 |
| set_bypass_on_handshake_alert_state | Sets the SSL forward proxy bypass_on_handshake_alert state for the specified client SSL profiles. When this is enabled, the SSL forward proxy traffic will bypass the system if ServerSSL receive the handshake failure(40)/protocol version(70)/unsupported extension(110) alert message in the virtual servers that use this profile. The default value is disabled. | BIG-IP_v13.0.0 |
| set_ca_file | Certificate files are officially managed as certificate file objects via the set_ca_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Sets the CA file object names for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_ca_file_v2 | Sets the certificate file object names for the certificate authority files for the specified client SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| set_cache_size | Sets the SSL session cache sizes for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_cache_timeout | Sets the SSL session cache timeouts for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_certificate_file | This method has been deprecated, due to switching to file objects as the parameters and due to the fact that calling this method usually results in an error thanks to a mismatched key and certificate. Please use set_key_certificate_file in its stead. Sets the certificate file object names to be used by BIG-IP acting as an SSL server. Starting in v11.5.0, this method will set the RSA certificate associated with the RSA certificate-key-chain object in the profile. For adding or modifying DSA or ECDSA certificates, please use add_certificate_key_chain or set_certificate_key_chain_members or set_certificate_key_chain_certificate_file methods. | BIG-IP_v9.0 |
| set_certificate_key_chain_certificate_file | Sets the certificate file object name in a certificate-key-chain object in a client SSL profile. | BIG-IP_v11.5.0 |
| set_certificate_key_chain_chain_file | Sets the chain certificate file object name in a certificate-key-chain object in a client SSL profile. | BIG-IP_v11.5.0 |
| set_certificate_key_chain_key_file | Sets the key file object name in a certificate-key-chain object in a client SSL profile. | BIG-IP_v11.5.0 |
| set_certificate_key_chain_members | Sets the members of certificate-key-chain objects in a client SSL profile. This is intended as a convenience to prevent you from having to set keys, passphrases, certificates and chains in a transaction. | BIG-IP_v11.5.0 |
| set_certificate_key_chain_ocsp_stapling_parameters | This method has been deprecated as of v13.0.0. Deprecation note: The attribute OCSP stapling parameters of certificate-key-chain is no longer used in v13.0.0. This configuration can now be achieved with associating the OCSP validator configuration with the certificate via add_certificate_validator, and then enabling OCSP validation for the certifiate via set_certificate_status_validation_options, and then enabling the OCSP stapling flag for the clientssl profile via set_ocsp_stapling_state. Sets the OCSP stapling parameters object in a certificate-key-chain object. | BIG-IP_v11.6.0 |
| set_certificate_key_chain_passphrase | Sets the key passphrase in a certificate-key-chain object in a client SSL profile. | BIG-IP_v11.5.0 |
| set_chain_file | Certificate files are officially managed as certificate file objects via the set_chain_file_v2 method and Management::KeyCertificateFile interface. Thus this method is deprecated. Sets the certificate chain file object names for the specified client SSL profiles. Starting in v11.5.0, this method will set the chain certificate associated with the RSA certificate-key-chain object in the profile. For setting the certificate chain file in other certificate-key-chain objects, please use the add_certificate_key_chain, the set_certificate_key_chain_members, or the set_certificate_key_chain_chain_file method. | BIG-IP_v9.0 |
| set_chain_file_v2 | Sets the certificate file object names for the chain certificate files for the specified client SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. Starting in v11.5.0, this method will set the chain certificate associated with the RSA certificate-key-chain object in the profile. For setting the certificate chain file in other objects, please use the add_certificate_key_chain, the set_certificate_key_chain_members, or the or set_certificate_key_chain_chain_file methods. | BIG-IP_v9.0 |
| set_cipher_list | Sets the cipher lists for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_client_certificate_ca_file | Certificate files are officially managed as certificate file objects via the set_client_certificate_ca_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Sets the client certificate CA file object names for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_client_certificate_ca_file_v2 | Sets the certificate file object names for the client certificate authority files for the specified client SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| set_crl_file | Certificate revocation list files are officially managed as certificate revocation list file objects via the set_crl_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Sets the CRL file object names for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_crl_file_v2 | Sets the certificate revocation list file object names for the specified client SSL profiles. Certificate revocation list file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| set_default_profile | Sets the names of the default profiles from which the specified profiles will derive default values for its attributes. | BIG-IP_v9.0 |
| set_description | Sets the description for a set of client SSL profiles. This is an arbitrary field which can be used for any purpose. | BIG-IP_v11.0.0 |
| set_forward_proxy_bypass_default_action | Sets the SSL forward proxy bypass default action for the specified client SSL profiles. The default value is intercept. Example: If a user configures the SSL forward proxy bypass default action to intercept, below is what the system does. 1. Check packet&aposs destination IP address against entries in destination IP blacklist. If there is a match, the packet will go through SSL forward proxy (or the packet is intercepted by SSL forward proxy). 2. If there is no match in 1, the system will check packet&aposs destination IP address against entries in destination IP whitelist. If there is a match, the packet will bypass the SSL forward proxy. 3. If still there is no match, the system will go to the next stage which is to compare the source IP and hostname similar to step 1 & 2. 4. If there are no matches after all, the packet will be set to the default action which in this case is to intercept. If the SSL forward proxy bypass default action is set to bypass, the steps will be 2, 1, 3, 4. In 4, the default action is to bypass. | BIG-IP_v11.5.0 |
| set_forward_proxy_bypass_destination_ip_black_list | Sets the SSL forward proxy bypass Destination IP Blacklist to be used by BIG-IP as a policy list to intercept traffic for client SSL profiles. The Data Group List interface is used to create the Destination IP Blacklist. | BIG-IP_v11.5.0 |
| set_forward_proxy_bypass_destination_ip_white_list | Sets the SSL forward proxy bypass Destination IP Whitelist to be used by BIG-IP as a policy list to bypass traffic for client SSL profiles. The Data Group List interface is used to create the Destination IP Whitelist. | BIG-IP_v11.5.0 |
| set_forward_proxy_bypass_hostname_black_list | Sets the SSL forward proxy bypass Hostname Blacklist to be used by BIG-IP as a policy list to intercept traffic for client SSL profiles. The Data Group List interface is used to create the Hostname Blacklist. | BIG-IP_v11.5.0 |
| set_forward_proxy_bypass_hostname_white_list | Sets the SSL forward proxy bypass Hostname Whitelist to be used by BIG-IP as a policy list to bypass traffic for client SSL profiles. The Data Group List interface is used to create the Hostname Whitelist. | BIG-IP_v11.5.0 |
| set_forward_proxy_bypass_source_ip_black_list | Sets the SSL forward proxy bypass Source IP Blacklist to be used by BIG-IP as a policy list to intercept traffic for client SSL profiles. The Data Group List interface is used to create the Source IP Blacklist. | BIG-IP_v11.5.0 |
| set_forward_proxy_bypass_source_ip_white_list | Sets the SSL forward proxy bypass Source IP Whitelist to be used by BIG-IP as a policy list to bypass traffic for client SSL profiles. The Data Group List interface is used to create the Source IP Whitelist. | BIG-IP_v11.5.0 |
| set_forward_proxy_bypass_state | Sets the SSL forward proxy bypass states for the specified client SSL profiles. When this is enabled, SSL forward proxy bypass feature is enabled for the virtual server that uses this profile. The default value is disabled. | BIG-IP_v11.5.0 |
| set_forward_proxy_ca_key_certificate_file | Sets the SSL forward proxy CA key and certificate file object names to be used by BIG-IP acting as an SSL forward proxy server for a set of client SSL profiles. Key and certificate file objects are managed by the Management::KeyCertificate interface. These values can be retrieved via the get_forward_proxy_ca_key_file and get_forward_proxy_ca_certificate_file methods. | BIG-IP_v11.3.0 |
| set_forward_proxy_ca_passphrase | Sets the SSL forward proxy CA key passphrases (if any) for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| set_forward_proxy_certificate_extension_include | Sets the extensions to be included in the SSL forward proxy generated certificates for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| set_forward_proxy_certificate_lifespan | Sets the SSL forward proxy generated certificate lifespans for the specified client SSL profiles. | BIG-IP_v11.3.0 |
| set_forward_proxy_enabled_state | Sets the SSL forward proxy enabled states for the specified client SSL profiles. When this is enabled, SSL forward proxy feature is enabled for the virtual server that uses this profile. The default value is disabled. Please make sure that the forward proxy CA certificate and key file object names and passphrases have been set correctly via set_forward_proxy_ca_key_certificate_file and set_forward_proxy_ca_passphrase before setting this to true. | BIG-IP_v11.3.0 |
| set_forward_proxy_lookup_by_ipaddr_port_state | Sets the SSL forward proxy certificate cache by IPAddr-Port enabled states for the specified client SSL profiles. When this is enabled, SSL forward proxy certificate cache by IPAddr-port feature is enabled for the virtual server that uses this profile. The default value is disabled. | BIG-IP_v11.4.0 |
| set_generic_alert_state | Sets the states to enforce to use generic alert number in Alert message when sending Alert message. If the state is enabled, use generic alert number in Alert message when sending Alert message. Otherwise, use alert number defined in RFC5246/RFC6066 strictly in Alert message when sending Alert message. The default value is enabled. | BIG-IP_v11.5.0 |
| set_handshake_timeout | Sets the connection timeouts (in seconds) during handshake phase for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_key_certificate_file | Sets the key and certificate file object names to be used by BIG-IP acting as an SSL server for a set of client SSL profiles. Key and certificate file objects are managed by the Management::KeyCertificate interface. These values can be retrieved via the get_key_file_v2 and get_certificate_file_v2 methods. Starting in v11.5.0, this method will set the RSA key and certificate associated with the RSA certificate-key-chain object in the profile. For adding or modifying DSA or ECDSA keys and certificates, please use the add_certificate_key_chain or the set_certificate_key_chain_members or the set_certificate_key_chain_certificate_file method. | BIG-IP_v9.0 |
| set_key_file | This method has been deprecated, due to switching to file objects as the parameters and due to the fact that calling this method usually results in an error thanks to a mismatched key and certificate. Please use set_key_certificate_file in its stead. Sets the key file object names to be used by BIG-IP acting as an SSL server. If a full path is not specified, the file name is relative to /config/ssl/ssl.key. Starting in v11.5.0, this method will set the RSA key associated with the RSA certificate-key-chain object in the profile. For adding or modifying DSA or ECDSA keys, please use the add_certificate_key_chain, the set_certificate_key_chain_members or the set_certificate_key_chain_key_file method. | BIG-IP_v9.0 |
| set_maximum_active_handshakes | Sets the per-profile maximum number of outstanding SSL handshakes for the specified client SSL profiles. The default is 0 which means the maximum number is infinity. | BIG-IP_v12.1.0 |
| set_maximum_record_size | Sets the maximum record size used by SSL. Typically, this is the maximum allowed by the protocol, 16K, but in some instances better performance will be seen with smaller record sizes. | BIG-IP_v12.1.0 |
| set_modssl_emulation_state | Sets the states to emulate modSSL for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_notify_certificate_status_to_virtual_server_state | Sets the notify-certificate-status-to-virtual-server enabled states for the specified client SSL profiles, to indicate whether to propagate the status of the certificates to the virtual server. When this is set to enabled, at least one certificate validator configuration on the certificates of each of the specified client SSL profiles is required. The default value is disabled. | BIG-IP_v13.0.0 |
| set_ocsp_stapling_state | Sets the OCSP stapling enabled states for the specified client SSL profiles. When this is set to enabled, at least one OCSP certificate validator configuration on the certificates of each of the specified client SSL profiles is required; and the OCSP responses of the certificate will be stapled with the TLS/SSL handshake if the TLS/SSL clients request it in the ClientHello handshake message. The default value is disabled. | BIG-IP_v13.0.0 |
| set_passphrase | Sets the key passphrases (if any) for the specified client SSL profiles. Starting in v11.5.0, this method will set the passphrase corresponding to the RSA certificate-key-chain object. For setting passphrases corresponding to other certificate-key-chain objects, please use the set_certificate_key_chain_passphrase method. The user should refrain from using the &aposdefault_flag&apos, and the exact passphrase should be specified. | BIG-IP_v9.0 |
| set_peer_certificate_mode | Sets the peer certification modes for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_peer_no_renegotiate_timeout | Sets the timeout that the system will wait for a client hello message before sending a fatal alert. The timer starts when the hello request is sent and stops when the client hello message is received within the allotted timeout, or if the timer expires before the client hello is received, a fatal alert is sent. The default is 10 seconds. You can set it to indefinite (-1) which specifies that the system continue to wait for client hello message for an unlimited time. | BIG-IP_v11.6.0 |
| set_profile_mode | Sets the modes for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_proxy_ssl_passthrough_state | When SSL client and server negotiate a cipher suite which is not supported by the proxy SSL, setting the passthrough mode enables the SSL traffic to passthrough proxy SSL. The default value is disabled. | BIG-IP_v11.6.0 |
| set_proxy_ssl_state | Proxy SSL enables SSL client and server to authenticate each other directly. When this is enabled, proxy SSL feature is enabled for the virtual server that uses this profile. The default value is disabled. | BIG-IP_v11.6.0 |
| set_renegotiation_maximum_record_delay | Sets the SSL renegotiation maximum record delay for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_renegotiation_period | Sets the SSL renegotiation periods for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_renegotiation_state | Sets the states controlling whether mid-stream renegotiation is allowed for the specified client SSL profiles. If renegotiations are enabled, the behavior is unchanged from previous releases, and mid-stream SSL renegotiations are allowed. If renegotiations are disabled, and we are acting as an SSL server, we will abort the connection. For ClientSSL, renegotiations are disabled by default. | BIG-IP_v10.1.0 |
| set_renegotiation_throughput | Sets the SSL renegotiation throughputs for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_retain_certificate_state | Sets the certificate retention state for the specified client SSL profiles. When set to false, certificate received in SSL handshake will not be stored in SSL session thus saving the memory required for processing. This setting should be set to true when using the APM module. The default value is true. | BIG-IP_v11.4.0 |
| set_secure_renegotiation_mode | Sets the secure renegotiation mode for the specified client SSL profiles. See SecureRenegotiationMode for more details. | BIG-IP_v10.2.3 |
| set_server_name | Sets the SNI server name (if any) for the specified client SSL profiles. | BIG-IP_v11.1.0 |
| set_session_mirroring_state | Sets the states to enable using session mirroring for the specified client SSL profiles. If the state is enabled, sessions will be mirrored to high availability peer. | BIG-IP_v11.6.0 |
| set_session_ticket_state | Sets the states to enforce to use session ticket per RFC 5077 for the specified client SSL profiles. If the state is enabled, use session ticket in session connection. | BIG-IP_v11.3.0 |
| set_session_ticket_timeout | Sets the SSL session ticket timeouts (in seconds) which determines the lifetime of the session ticket for the specified client SSL profiles. The default is 0 which means the SSL session cache lifetime is used. | BIG-IP_v12.0.0 |
| set_sni_default_state | Sets the SNI default states for the specified client SSL profiles. When this is set to true, this profile is the default SSL profile when a client connection does not specify a known server name, or does not specify any server name at all. The default value is false. | BIG-IP_v11.1.0 |
| set_sni_require_state | Sets the SNI require states for the specified client SSL profiles. When this is set to true, SNI support is required for the peer and if a client connection does not specify a known server name, or does not specify any server name at all, the handshake will fail. The default value is false. | BIG-IP_v11.1.0 |
| set_ssl_maximum_aggregate_renegotiations_per_minute | Sets the per-profile maximum number of aggregate renegotiation attempts allowed within a minute for the specified client SSL profiles. 0 means that the feature is disabled. | BIG-IP_v12.0.0 |
| set_ssl_maximum_renegotiations_per_minute | Sets the maximum number of renegotiation attempts allowed within a minute for the specified client SSL profiles. | BIG-IP_v11.6.0 |
| set_ssl_option | Sets the SSL options for the specified client SSL profiles. | BIG-IP_v9.0 |
| set_ssl_sign_hash | Sets the SSL sign hash algorithm to sign and verify SSL Server Key Exchange and Certificate Verify messages with for the specified SSL profiles. | BIG-IP_v9.0 |
| set_strict_resume_state | Sets the states to enforce strict SSL session resumption per RFC2246 for the specified client SSL profiles. If the state is true/enabled, don&apost send a close notify alert when closing connection. | BIG-IP_v9.0 |
| set_unclean_shutdown_state | Sets the states to do an unclean shutdown for the specified client SSL profiles. If the state is true/enabled, don&apost send a close notify alert when closing connection. | BIG-IP_v9.0 |
Structures¶
Structure
Description
A struct that holds the members of the certificate-key-chain object. A client SSL profile can be associated with at most one certificate-key-chain object of a given key-type.
ProfileClientSSLStatisticEntry
A struct that describes statistics for a particular client SSL profile.
A struct that describes profile statistics and timestamp.
Aliases¶
| Alias | Type | Description |
| CertificateKeyChainSequence | CertificateKeyChain [] | A sequence of CertificateKeyChain objects. |
| CertificateKeyChainSequenceSequence | CertificateKeyChain [] [] | A sequence of sequence of CertificateKeyChain objects. |
| ProfileClientSSLStatisticEntrySequence | ProfileClientSSLStatisticEntry [] | A sequence of ProfileClientSSL statistics. |
See Also¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.