NETCONF YANG API Reference

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003


SSL

Data Model

The configuration model file matching SSL is huawei-ssl-policy.yang.
Table 3-1521 SSL Data Model

Object

Description

/huawei-ssl-policy:ssl-policy/policy

Indicates that the request operation object is an SSL policy. This object is the root object. It is only used to contain sub-objects, but does not have any data meaning.

/huawei-ssl-policy:ssl-policy/policy/realms

Indicates the PKI domain specified for an SSL policy.

/huawei-ssl-policy:ssl-policy/policy/renego-enable

Indicates whether re-negotiation of an SSL connection is enabled:

  • true: This function is enabled.
  • false: This function is disabled.

By default, re-negotiation of an SSL connection is enabled.

/huawei-ssl-policy:ssl-cfg/renego-rate

Indicates the SSL connection re-negotiation rate. The value is an integer that ranges from 0 to 65535. By default, SSL connection re-negotiation is performed once per second. The value 0 indicates that the SSL connection re-negotiation rate is not limited.

/huawei-ssl-policy:ssl-policy/policy/name

Indicates an SSL policy name. The value is a string of 1 to 31 case-sensitive characters without spaces or question marks (?).

/huawei-ssl-policy:ssl-policy/policy/type-server/server-policy/server-paras

Indicates that the request operation object is a server SSL policy parameter. This object is the root object. It is only used to contain sub-objects, but does not have any data meaning.

/huawei-ssl-policy:ssl-policy/policy/type-server/server-policy/server-paras/server-version

Indicates the SSL protocol version used by a server SSL policy:

  • tls1.0
  • tls1.1
  • tls1.2

By default, a server SSL policy uses TLS 1.2.

/huawei-ssl-policy:ssl-policy/policy/type-server/server-policy/server-paras/server-cipher

Indicates the cipher suite supported by a server SSL policy:

  • rsa_3des_cbc_sha
  • rsa_aes_128_cbc_sha
  • rsa_aes_128_sha256
  • rsa_aes_256_sha256

By default, a server SSL policy supports cipher suites of rsa_aes_128_sha256 and rsa_aes_256_sha256.

/huawei-ssl-policy:ssl-policy/policy/type-server/client-policy/client-paras

Indicates that the request operation object is a client SSL policy parameter. This object is the root object. It is only used to contain sub-objects, but does not have any data meaning.

/huawei-ssl-policy:ssl-policy/policy/type-server/client-policy/client-paras/server-verify-enable

Indicates whether SSL server authentication is enabled in a client SSL policy:

  • true: This function is enabled.
  • false: This function is disabled.

By default, SSL server authentication is enabled in a client SSL policy.

/huawei-ssl-policy:ssl-policy/policy/type-server/client-policy/client-paras/client-version

Indicates the SSL protocol version used by a client SSL policy:

  • tls1.0
  • tls1.1
  • tls1.2

By default, a client SSL policy uses TLS 1.2.

/huawei-ssl-policy:ssl-policy/policy/type-server/client-policy/client-paras/client-cipher

Indicates the cipher suite supported by a client SSL policy:

  • rsa_3des_cbc_sha
  • rsa_aes_128_cbc_sha
  • rsa_aes_128_sha256
  • rsa_aes_256_sha256

By default, a client SSL policy supports cipher suites of rsa_aes_128_sha256 and rsa_aes_256_sha256.

Configuring a Server SSL Policy

This section provides a sample of configuring a server SSL policy using the merge method. A server SSL policy can also be configured using the create method.

Table 3-1522 Configuring a server SSL policy

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-ssl-policy:ssl-policy/policy |
| | /huawei-ssl-policy:ssl-cfg |

Data Requirements
Table 3-1523 Configuring a server SSL policy

| Item | Data | Description |
| --- | --- | --- |
| SSL policy name | server-policy1 | - |
| PKI domain specified for a server SSL policy | abc | |
| SSL protocol version used by a server SSL policy | tls1.2 | |
| Cipher suite supported by a server SSL policy | rsa_aes_256_sha256 | |
| Whether re-negotiation of an SSL connection is enabled | true | |
| SSL connection re-negotiation rate | 2 | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8"> 
    <edit-config> 
        <target> 
            <running/> 
        </target> 
        <error-option>rollback-on-error</error-option> 
        <config> 
            <pki:certificate-adoption xmlns:pki="urn:huawei:params:xml:ns:yang:huawei-pki"> 
                <pki:realms xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation= "merge"> 
                    <pki:name>abc</pki:name> 
                </pki:realms> 
            </pki:certificate-adoption> 
            <ssl-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-ssl-policy"> 
                <policy xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge"> 
                    <name>server-policy1</name> 
                    <server-paras> 
                        <server-version>tls1.2</server-version> 
                        <server-cipher>rsa_aes_256_sha256</server-cipher> 
                    </server-paras> 
                    <realms>abc</realms> 
                    <renego-enable>true</renego-enable> 
                </policy> 
                <ssl-cfg xmlns="urn:huawei:params:xml:ns:yang:huawei-ssl-policy"> 
                    <renego-rate>2</renego-rate> 
                </ssl-cfg> 
            </ssl-policy> 
        </config> 
    </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8"><ok/></rpc-reply> 

Configuring a Client SSL Policy

This section provides a sample of configuring a client SSL policy using the merge method. A client SSL policy can also be configured using the create method.

Table 3-1524 Configuring a client SSL policy

| Operation | XPATH |
| --- | --- |
| edit-config:merge | /huawei-ssl-policy:ssl-policy/policy |
| | /huawei-ssl-policy:ssl-cfg |

Data Requirements
Table 3-1525 Configuring a client SSL policy

| Item | Data | Description |
| --- | --- | --- |
| SSL policy name | client-policy1 | - |
| PKI domain specified for a client SSL policy | abc | |
| SSL protocol version used by a client SSL policy | tls1.2 | |
| Cipher suite supported by a client SSL policy | rsa_aes_256_sha256 | |
| Whether re-negotiation of an SSL connection is enabled | true | |
| SSL connection re-negotiation rate | 2 | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8"> 
    <edit-config> 
        <target> 
            <running/> 
        </target> 
        <error-option>rollback-on-error</error-option> 
        <config> 
            <pki:certificate-adoption xmlns:pki="urn:huawei:params:xml:ns:yang:huawei-pki"> 
                <pki:realms xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation= "merge"> 
                    <pki:name>abc</pki:name> 
                </pki:realms> 
            </pki:certificate-adoption> 
            <ssl-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-ssl-policy"> 
                <policy xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge"> 
                    <name>client-policy1</name> 
                    <client-paras> 
                        <client-version>tls1.2</client-version> 
                        <client-cipher>rsa_aes_256_sha256</client-cipher> 
                    </client-paras>  
                    <realms>abc</realms> 
                    <renego-enable>true</renego-enable> 
                </policy> 
                <ssl-cfg xmlns="urn:huawei:params:xml:ns:yang:huawei-ssl-policy"> 
                    <renego-rate>2</renego-rate> 
                </ssl-cfg> 
            </ssl-policy> 
        </config> 
    </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="43a8e485-35d2-499e-895c-e2d2d5f555a8"><ok/></rpc-reply> 
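
The following is an added example, not part of Huawei's reference: a pre-deployment check that parses an edit-config payload for this data model and flags leaves set away from the documented defaults (tls1.0 or tls1.1, the two SHA-1 CBC suites, server-verify-enable set to false, renego-rate set to 0). The audit policy, the function name `audit_edit_config` and the sample payload are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:huawei:params:xml:ns:yang:huawei-ssl-policy}"
# Audit policy assumed for this example: values outside the documented defaults.
LEGACY_VERSIONS = {"tls1.0", "tls1.1"}
LEGACY_CIPHERS = {"rsa_3des_cbc_sha", "rsa_aes_128_cbc_sha"}

# Constructed sample payload (not taken from the reference).
SAMPLE = """<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ssl-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-ssl-policy">
    <policy>
      <name>legacy-client</name>
      <client-paras>
        <client-version>tls1.0</client-version>
        <client-cipher>rsa_3des_cbc_sha</client-cipher>
        <server-verify-enable>false</server-verify-enable>
      </client-paras>
    </policy>
    <ssl-cfg><renego-rate>0</renego-rate></ssl-cfg>
  </ssl-policy>
</config>"""

def audit_edit_config(xml_text):
    """Return (policy name, finding) pairs for a payload from your own change pipeline."""
    root = ET.fromstring(xml_text)
    findings = []
    for policy in root.iter(NS + "policy"):
        name = policy.findtext(NS + "name", default="<unnamed>")
        for leaf in policy.iter():
            tag = leaf.tag.replace(NS, "")
            value = (leaf.text or "").strip()
            if tag in ("server-version", "client-version") and value in LEGACY_VERSIONS:
                findings.append((name, f"{tag}={value}: older than the tls1.2 default"))
            elif tag in ("server-cipher", "client-cipher") and value in LEGACY_CIPHERS:
                findings.append((name, f"{tag}={value}: SHA-1 CBC suite outside the default set"))
            elif tag == "server-verify-enable" and value == "false":
                findings.append((name, "server-verify-enable=false: server authentication is disabled"))
    # renego-rate lives under ssl-cfg, not under an individual policy.
    for rate in root.iter(NS + "renego-rate"):
        if (rate.text or "").strip() == "0":
            findings.append(("ssl-cfg", "renego-rate=0: re-negotiation rate is not limited"))
    return findings

if __name__ == "__main__":
    for policy_name, finding in audit_edit_config(SAMPLE):
        print(f"[{policy_name}] {finding}")
```
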
Updated: 2019-03-06

Document ID: EDOC1100022096
