TIMETRA-TLS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    InetAddress, InetAddressType
        FROM INET-ADDRESS-MIB
    MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP
        FROM SNMPv2-CONF
    Integer32, MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32
        FROM SNMPv2-SMI
    DisplayString, RowStatus, TEXTUAL-CONVENTION, TimeStamp
        FROM SNMPv2-TC
    timetraSRMIBModules, tmnxSRConfs, tmnxSRNotifyPrefix, tmnxSRObjs
        FROM TIMETRA-GLOBAL-MIB
    TNamedItem, TNamedItemOrEmpty, TTcpUdpPort, TmnxAdminState,
    TmnxOperState, TmnxVRtrID
        FROM TIMETRA-TC-MIB
    ;

timetraTlsMIBModule MODULE-IDENTITY
    LAST-UPDATED "201701010000Z"
    ORGANIZATION "Nokia"
    CONTACT-INFO
        "Nokia SROS Support
         Web: http://www.nokia.com"
    DESCRIPTION
        "This document is the SNMP MIB module for the Nokia SROS
         implementation of the TLS protocol.

         Copyright 2008-2018 Nokia. All rights reserved. Reproduction of
         this document is authorized on the condition that the foregoing
         copyright notice is included.

         This SNMP MIB module (Specification) embodies Nokia's
         proprietary intellectual property. Nokia retains all title and
         ownership in the Specification, including any revisions.

         Nokia grants all interested parties a non-exclusive license to
         use and distribute an unmodified copy of this Specification in
         connection with management of Nokia products, and without fee,
         provided this copyright notice and license appear on all copies.

         This Specification is supplied `as is', and Nokia makes no
         warranty, either express or implied, as to the use, operation,
         condition, or performance of the Specification."

    REVISION    "201701010000Z"
    DESCRIPTION
        "Rev 15.0               01 Jan 2017 00:00
         15.0 release of the TIMETRA-WLAN-GW-MIB."

    REVISION    "201510050000Z"
    DESCRIPTION
        "Rev 0.1                05 Oct 2015 00:00
         Initial version of the TIMETRA-TLS-MIB."

    ::= { timetraSRMIBModules 107 }

TTlsCipherSuiteCode ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention specifies the cipher suite codes
         supported by the SR-OS which are used in the TLS Client Hello
         and TLS Server Hello messages.
         A cipher suite defines a cipher specification supported in a
         given version of the TLS protocol. You can find a detailed
         description of cipher suite codes and cipher suite definitions
         for the TLS protocol respectively in appendix A.5 and C of
         RFC 5246.

         Cipher suites with Null cipher are no longer supported. These
         are tlsRsaWithNullMd5, tlsRsaWithNullSha and
         tlsRsaWithNullSha256."
    SYNTAX      INTEGER {
                    tlsRsaWithNullMd5         (1),
                    tlsRsaWithNullSha         (2),
                    tlsRsaWithNullSha256      (59),
                    tlsRsaWith3desEdeCbcSha   (10),
                    tlsRsaWithAes128CbcSha    (47),
                    tlsRsaWithAes256CbcSha    (53),
                    tlsRsaWithAes128CbcSha256 (60),
                    tlsRsaWithAes256CbcSha256 (61)
                }

tmnxTlsObjs              OBJECT IDENTIFIER ::= { tmnxSRObjs 107 }

tmnxTlsScalarObjs        OBJECT IDENTIFIER ::= { tmnxTlsObjs 1 }

tmnxTlsConfigTimeStamps  OBJECT IDENTIFIER ::= { tmnxTlsScalarObjs 1 }

tTlsCertProfileTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfileTblLastChgd indicates
         the sysUpTime at the time of the last modification to
         tTlsCertProfileTable by adding, deleting an entry or change to
         a writable object in the table. If no changes were made to the
         table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 1 }

tTlsCertProfEntryIdTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryIdTblLastChgd
         indicates the sysUpTime at the time of the last modification to
         tTlsCertProfEntryIdTable by adding, deleting an entry or change
         to a writable object in the table. If no changes were made to
         the table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 2 }

tTlsCertChainCAProfTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertChainCAProfTblLastChgd
         indicates the sysUpTime at the time of the last modification to
         tTlsCertChainCAProfTable by adding, deleting an entry or change
         to a writable object in the table. If no changes were made to
         the table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 3 }

tTlsTrustAnchorProfTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorProfTblLastChgd
         indicates the sysUpTime at the time of the last modification to
         tTlsTrustAnchorProfTable by adding, deleting an entry or change
         to a writable object in the table. If no changes were made to
         the table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 4 }

tTlsTrustAnchorsTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorsTblLastChgd indicates
         the sysUpTime at the time of the last modification to
         tTlsTrustAnchorsTable by adding, deleting an entry or change to
         a writable object in the table. If no changes were made to the
         table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 5 }

tTlsClientCiphListTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClientCiphListTblLastChgd
         indicates the sysUpTime at the time of the last modification to
         tTlsClientCiphListTable by adding, deleting an entry or change
         to a writable object in the table.
         If no changes were made to the table since the last
         re-initialization of the local network management subsystem,
         then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 6 }

tTlsClntCiphListParTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntCiphListParTblLastChgd
         indicates the sysUpTime at the time of the last modification to
         tTlsClntCiphListParamTable by adding, deleting an entry or
         change to a writable object in the table. If no changes were
         made to the table since the last re-initialization of the local
         network management subsystem, then this object contains a zero
         value."
    ::= { tmnxTlsConfigTimeStamps 7 }

tTlsClntProfileTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileTblLastChgd indicates
         the sysUpTime at the time of the last modification to
         tTlsClntProfileTable by adding, deleting an entry or change to
         a writable object in the table. If no changes were made to the
         table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 8 }

tTlsServerCiphListTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsServerCiphListTblLastChgd
         indicates the sysUpTime at the time of the last modification to
         tTlsServerCiphListTable by adding/deleting an entry or changing
         a writable object in the table. If no changes were made to the
         table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 9 }

tTlsSrvCiphListParTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvCiphListParTblLastChgd
         indicates the sysUpTime at the time of the last modification to
         tTlsSrvCiphListParamTable by adding/deleting an entry or
         changing a writable object in the table. If no changes were
         made to the table since the last re-initialization of the local
         network management subsystem, then this object contains a zero
         value."
    ::= { tmnxTlsConfigTimeStamps 10 }

tTlsSrvProfileTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileTblLastChgd indicates
         the sysUpTime at the time of the last modification to
         tTlsSrvProfileTable by adding/deleting an entry or changing a
         writable object in the table. If no changes were made to the
         table since the last re-initialization of the local network
         management subsystem, then this object contains a zero value."
    ::= { tmnxTlsConfigTimeStamps 11 }

tmnxTlsConfigObjs        OBJECT IDENTIFIER ::= { tmnxTlsObjs 2 }

tTlsCertProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsCertProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCertProfileTable stores configuration and status
         information related to TLS certificate profiles."
    ::= { tmnxTlsConfigObjs 1 }

tTlsCertProfileEntry OBJECT-TYPE
    SYNTAX      TTlsCertProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCertProfileEntry is an entry (conceptual row) in the
         tTlsCertProfileTable. Each entry contains information
         pertaining to a TLS certificate profile. Entries in this table
         can be created and deleted via SNMP SET operations to
         tTlsCertProfileRowStatus."
    INDEX       { tTlsCertProfileName }
    ::= { tTlsCertProfileTable 1 }

TTlsCertProfileEntry ::= SEQUENCE
{
    tTlsCertProfileName        TNamedItem,
    tTlsCertProfileLastChgd    TimeStamp,
    tTlsCertProfileRowStatus   RowStatus,
    tTlsCertProfileAdminState  TmnxAdminState,
    tTlsCertProfileOperState   TmnxOperState,
    tTlsCertProfileOperFlags   BITS
}

tTlsCertProfileName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfileName specifies a TLS
         certificate profile name."
    ::= { tTlsCertProfileEntry 1 }

tTlsCertProfileLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfileLastChgd indicates the
         sysUpTime at the time of the most recent management-initiated
         change to this entry."
    ::= { tTlsCertProfileEntry 2 }

tTlsCertProfileRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfileRowStatus specifies the
         status of the conceptual row in tTlsCertProfileTable. Rows are
         created and destroyed by SNMP SET operations on this object.
         Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are
         supported."
    ::= { tTlsCertProfileEntry 3 }

tTlsCertProfileAdminState OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfileAdminState specifies
         the administrative state of tTlsCertProfileEntry."
    DEFVAL      { outOfService }
    ::= { tTlsCertProfileEntry 4 }

tTlsCertProfileOperState OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfileOperState indicates the
         operational state of tTlsCertProfileEntry."
    ::= { tTlsCertProfileEntry 5 }

tTlsCertProfileOperFlags OBJECT-TYPE
    SYNTAX      BITS {
                    profileAdminDown    (0),
                    invalidCertFile     (1),
                    invalidKeyFile      (2),
                    invalidCertKeyCombo (3),
                    caProfileOperDown   (4),
                    invalidCAProfEntry  (5)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tTlsCertProfileOperFlags indicates the operational
         condition of the certificate profile which is aggregated from
         all its configured entries."
    ::= { tTlsCertProfileEntry 6 }

tTlsCertProfEntryIdTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsCertProfEntryIdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCertProfEntryIdTable stores configuration and status
         information related to TLS certificate profile entries."
    ::= { tmnxTlsConfigObjs 2 }

tTlsCertProfEntryIdEntry OBJECT-TYPE
    SYNTAX      TTlsCertProfEntryIdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCertProfEntryIdEntry is an entry (conceptual row) in
         the tTlsCertProfEntryIdTable. Each entry contains information
         pertaining to a certificate profile entry. Entries in this
         table can be created and deleted via SNMP SET operations to
         tTlsCertProfEntryIdRowStatus."
    INDEX       {
        tTlsCertProfileName,
        tTlsCertProfEntryId
    }
    ::= { tTlsCertProfEntryIdTable 1 }

TTlsCertProfEntryIdEntry ::= SEQUENCE
{
    tTlsCertProfEntryId           Integer32,
    tTlsCertProfEntryIdLastChgd   TimeStamp,
    tTlsCertProfEntryIdRowStatus  RowStatus,
    tTlsCertProfEntryIdCertFile   DisplayString,
    tTlsCertProfEntryIdKeyFile    DisplayString,
    tTlsCertProfEntryIdCompChain  INTEGER,
    tTlsCertProfEntryIdOperFlags  BITS
}

tTlsCertProfEntryId OBJECT-TYPE
    SYNTAX      Integer32 (1..8)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryId specifies a TLS
         certificate profile entry identifier."
    ::= { tTlsCertProfEntryIdEntry 1 }

tTlsCertProfEntryIdLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryIdLastChgd indicates
         the sysUpTime at the time of the most recent
         management-initiated change to this entry."
    ::= { tTlsCertProfEntryIdEntry 2 }

tTlsCertProfEntryIdRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryIdRowStatus specifies
         the status of the conceptual row in tTlsCertProfEntryIdTable.
         Rows are created and destroyed by SNMP SET operations on this
         object. Only values 'active(1)', 'createAndGo(4)' and
         'destroy(6)' are supported."
    ::= { tTlsCertProfEntryIdEntry 3 }

tTlsCertProfEntryIdCertFile OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryIdCertFile specifies
         the file URL of the certificate to be used with this TLS
         certificate profile entry."
    DEFVAL      { ''H }
    ::= { tTlsCertProfEntryIdEntry 4 }

tTlsCertProfEntryIdKeyFile OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryIdKeyFile specifies
         the key-pair file to be used for X.509 certificate
         authentication with this TLS certificate profile entry."
    DEFVAL      { ''H }
    ::= { tTlsCertProfEntryIdEntry 5 }

tTlsCertProfEntryIdCompChain OBJECT-TYPE
    SYNTAX      INTEGER {
                    notAvailable (0),
                    partial      (1),
                    complete     (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryIdCompChain indicates
         the status of computed chain for this TLS certificate profile
         entry."
    ::= { tTlsCertProfEntryIdEntry 6 }

tTlsCertProfEntryIdOperFlags OBJECT-TYPE
    SYNTAX      BITS {
                    profileAdminDown    (0),
                    invalidCertFile     (1),
                    invalidKeyFile      (2),
                    invalidCertKeyCombo (3),
                    caProfileOperDown   (4),
                    invalidCAProfEntry  (5)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertProfEntryIdOperFlags indicates
         the operational condition of this certificate profile entry."
    ::= { tTlsCertProfEntryIdEntry 7 }

tTlsCompChainCAProfTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsCompChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCompChainCAProfTable maintains Certificate-Authority
         (CA) profiles which are part of computed chain per certificate
         profile entry."
    ::= { tmnxTlsConfigObjs 3 }

tTlsCompChainCAProfEntry OBJECT-TYPE
    SYNTAX      TTlsCompChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCompChainCAProfEntry is an entry (conceptual row) in
         the tTlsCompChainCAProfTable. Each entry represents a part of
         the computed chain per certificate profile entry. Entries in
         this table are created by the system when the user wants to
         send a chain of CA certificates back to the peer for
         authentication."
    INDEX       {
        tTlsCertProfileName,
        tTlsCertProfEntryId,
        tTlsCompChainCAProfOrder
    }
    ::= { tTlsCompChainCAProfTable 1 }

TTlsCompChainCAProfEntry ::= SEQUENCE
{
    tTlsCompChainCAProfOrder  Integer32,
    tTlsCompChainCAProfName   TNamedItem
}

tTlsCompChainCAProfOrder OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCompChainCAProfOrder indicates the
         order in which a certificate-authority (CA) profile is
         maintained for the computed chain of this certificate profile
         entry."
    ::= { tTlsCompChainCAProfEntry 1 }

tTlsCompChainCAProfName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCompChainCAProfName indicates the
         certificate-authority (CA) profile which is part of the
         computed chain for this certificate profile entry."
    ::= { tTlsCompChainCAProfEntry 2 }

tTlsCertChainCAProfTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsCertChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCertChainCAProfTable maintains configuration of chain
         CA profiles for TLS certificate profile entries."
    ::= { tmnxTlsConfigObjs 4 }

tTlsCertChainCAProfEntry OBJECT-TYPE
    SYNTAX      TTlsCertChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsCertChainCAProfEntry is an entry (conceptual row) in
         the tTlsCertChainCAProfTable. Each entry represents the
         configuration for a chain CA profile for a certificate profile
         entry. Entries in this table can be created and deleted via
         SNMP SET operations to tTlsCertChainCAProfRowStatus."
    INDEX       {
        tTlsCertProfileName,
        tTlsCertProfEntryId,
        tTlsCertChainCAProfName
    }
    ::= { tTlsCertChainCAProfTable 1 }

TTlsCertChainCAProfEntry ::= SEQUENCE
{
    tTlsCertChainCAProfName       TNamedItem,
    tTlsCertChainCAProfLastChgd   TimeStamp,
    tTlsCertChainCAProfRowStatus  RowStatus
}

tTlsCertChainCAProfName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertChainCAProfName specifies the
         name of a chain CA profile."
    ::= { tTlsCertChainCAProfEntry 1 }

tTlsCertChainCAProfLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertChainCAProfLastChgd indicates
         the sysUpTime at the time of the most recent
         management-initiated change to this entry."
    ::= { tTlsCertChainCAProfEntry 2 }

tTlsCertChainCAProfRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsCertChainCAProfRowStatus specifies
         the status of the conceptual row in tTlsCertChainCAProfTable.
         Rows are created and destroyed by SNMP SET operations on this
         object. Only values 'active(1)', 'createAndGo(4)' and
         'destroy(6)' are supported."
    ::= { tTlsCertChainCAProfEntry 3 }

tTlsTrustAnchorProfTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsTrustAnchorProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsTrustAnchorProfTable stores configuration and status
         information related to TLS trust anchor profiles."
    ::= { tmnxTlsConfigObjs 5 }

tTlsTrustAnchorProfEntry OBJECT-TYPE
    SYNTAX      TTlsTrustAnchorProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsTrustAnchorProfEntry is an entry (conceptual row) in
         the tTlsTrustAnchorProfTable. Each entry contains information
         pertaining to a TLS trust anchor profile. Entries in this table
         can be created and deleted via SNMP SET operations to
         tTlsTrustAnchorProfRowStatus."
    INDEX       { tTlsTrustAnchorProfName }
    ::= { tTlsTrustAnchorProfTable 1 }

TTlsTrustAnchorProfEntry ::= SEQUENCE
{
    tTlsTrustAnchorProfName       TNamedItem,
    tTlsTrustAnchorProfLastChgd   TimeStamp,
    tTlsTrustAnchorProfRowStatus  RowStatus,
    tTlsTrustAnchorCAProfDown     Integer32
}

tTlsTrustAnchorProfName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorProfName specifies a
         TLS trust anchor profile name."
    ::= { tTlsTrustAnchorProfEntry 1 }

tTlsTrustAnchorProfLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorProfLastChgd indicates
         the sysUpTime at the time of the most recent
         management-initiated change to this entry."
    ::= { tTlsTrustAnchorProfEntry 2 }

tTlsTrustAnchorProfRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorProfRowStatus specifies
         the status of the conceptual row in tTlsTrustAnchorProfTable.
         Rows are created and destroyed by SNMP SET operations on this
         object. Only values 'active(1)', 'createAndGo(4)' and
         'destroy(6)' are supported."
    ::= { tTlsTrustAnchorProfEntry 3 }

tTlsTrustAnchorCAProfDown OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorCAProfDown indicates
         the total number of trusted CA-profiles (Certificate-Authority)
         not operational in the trust anchor profile."
    ::= { tTlsTrustAnchorProfEntry 4 }

tTlsTrustAnchorsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsTrustAnchorsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsTrustAnchorsTable maintains configuration of trust
         anchor CA profiles for TLS trust anchor profiles."
    ::= { tmnxTlsConfigObjs 6 }

tTlsTrustAnchorsEntry OBJECT-TYPE
    SYNTAX      TTlsTrustAnchorsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsTrustAnchorsEntry is an entry (conceptual row) in the
         tTlsTrustAnchorsTable. Each entry represents the configuration
         of a CA profile for a TLS trust anchor profile. Entries in this
         table can be created and deleted via SNMP SET operations to
         tTlsTrustAnchorsRowStatus."
    INDEX       {
        tTlsTrustAnchorProfName,
        tTlsTrustAnchorsCAProfile
    }
    ::= { tTlsTrustAnchorsTable 1 }

TTlsTrustAnchorsEntry ::= SEQUENCE
{
    tTlsTrustAnchorsCAProfile  TNamedItem,
    tTlsTrustAnchorsLastChgd   TimeStamp,
    tTlsTrustAnchorsRowStatus  RowStatus
}

tTlsTrustAnchorsCAProfile OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorsCAProfile specifies
         the name of a CA profile."
    ::= { tTlsTrustAnchorsEntry 1 }

tTlsTrustAnchorsLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorsLastChgd indicates the
         sysUpTime at the time of the most recent management-initiated
         change to this entry."
    ::= { tTlsTrustAnchorsEntry 2 }

tTlsTrustAnchorsRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsTrustAnchorsRowStatus specifies
         the status of the conceptual row in tTlsTrustAnchorsTable. Rows
         are created and destroyed by SNMP SET operations on this
         object. Only values 'active(1)', 'createAndGo(4)' and
         'destroy(6)' are supported."
    ::= { tTlsTrustAnchorsEntry 3 }

tTlsClientCiphListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsClientCiphListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsClientCiphListTable maintains configuration of ordered
         lists of supported cipher suite codes to be sent in a Client
         Hello message by a TLS client."
    ::= { tmnxTlsConfigObjs 7 }

tTlsClientCiphListEntry OBJECT-TYPE
    SYNTAX      TTlsClientCiphListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsClientCiphListEntry is an entry (conceptual row) in
         the tTlsClientCiphListTable. Each entry represents the
         configuration for an ordered list of supported cipher suite
         codes. Entries in this table can be created and deleted via
         SNMP SET operations to tTlsClientCiphListRowStatus."
    INDEX       { tTlsClientCiphListName }
    ::= { tTlsClientCiphListTable 1 }

TTlsClientCiphListEntry ::= SEQUENCE
{
    tTlsClientCiphListName       TNamedItem,
    tTlsClientCiphListLastChgd   TimeStamp,
    tTlsClientCiphListRowStatus  RowStatus
}

tTlsClientCiphListName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClientCiphListName specifies the
         name of an ordered list of supported cipher suite codes for a
         TLS client."
    ::= { tTlsClientCiphListEntry 1 }

tTlsClientCiphListLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClientCiphListLastChgd indicates
         the sysUpTime at the time of the most recent
         management-initiated change to this entry."
    ::= { tTlsClientCiphListEntry 2 }

tTlsClientCiphListRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClientCiphListRowStatus specifies
         the status of the conceptual row in tTlsClientCiphListTable.
         Rows are created and destroyed by SNMP SET operations on this
         object. Only values 'active(1)', 'createAndGo(4)' and
         'destroy(6)' are supported."
    ::= { tTlsClientCiphListEntry 3 }

tTlsClntCiphListParamTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsClntCiphListParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsClntCiphListParamTable stores configuration and status
         information related to cipher suite codes which belong to
         ordered lists of cipher suite codes specified by entries in
         tTlsClientCiphListTable."
    ::= { tmnxTlsConfigObjs 8 }

tTlsClntCiphListParamEntry OBJECT-TYPE
    SYNTAX      TTlsClntCiphListParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsClntCiphListParamEntry is an entry (conceptual row) in
         the tTlsClntCiphListParamTable. Each entry contains information
         pertaining to a cipher suite code which belongs to a list
         specified by tTlsClientCiphListName. Entries in this table can
         be created and deleted via SNMP SET operations to
         tTlsClntCiphListParamRowStatus."
    INDEX       {
        tTlsClientCiphListName,
        tTlsClntCiphListParamIndex
    }
    ::= { tTlsClntCiphListParamTable 1 }

TTlsClntCiphListParamEntry ::= SEQUENCE
{
    tTlsClntCiphListParamIndex      Unsigned32,
    tTlsClntCiphListParamLastChgd   TimeStamp,
    tTlsClntCiphListParamRowStatus  RowStatus,
    tTlsClntCiphListParamSuiteCode  TTlsCipherSuiteCode
}

tTlsClntCiphListParamIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntCiphListParamIndex specifies
         the TLS client's order of preference of a cipher suite code
         within the list specified by tTlsClientCiphListName."
    ::= { tTlsClntCiphListParamEntry 1 }

tTlsClntCiphListParamLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntCiphListParamLastChgd
         indicates the sysUpTime at the time of the most recent
         management-initiated change to this entry."
    ::= { tTlsClntCiphListParamEntry 2 }

tTlsClntCiphListParamRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntCiphListParamRowStatus
         specifies the status of the conceptual row in
         tTlsClntCiphListParamTable. Rows are created and destroyed by
         SNMP SET operations on this object. Only values 'active(1)',
         'createAndGo(4)' and 'destroy(6)' are supported. In order for
         the row creation to succeed, the value of
         tTlsClntCiphListParamSuiteCode has to be provided in the same
         SNMP SET PDU as the tTlsClntCiphListParamRowStatus. Otherwise
         the SET request will fail with an 'inconsistentValue' error."
    ::= { tTlsClntCiphListParamEntry 3 }

tTlsClntCiphListParamSuiteCode OBJECT-TYPE
    SYNTAX      TTlsCipherSuiteCode
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntCiphListParamSuiteCode
         specifies the cipher suite code related to
         tTlsClntCiphListParamIndex within the list specified by
         tTlsClientCiphListName.
         In order for the row creation to succeed, the value of
         tTlsClntCiphListParamSuiteCode has to be provided in the same
         SNMP SET PDU as the tTlsClntCiphListParamRowStatus. Otherwise
         the SET request will fail with an 'inconsistentValue' error.
         Cipher suites with Null cipher are no longer supported. These
         are tlsRsaWithNullMd5, tlsRsaWithNullSha and
         tlsRsaWithNullSha256."
    ::= { tTlsClntCiphListParamEntry 4 }

tTlsClntProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsClntProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsClntProfileTable stores configuration and status
         information related to TLS client profiles."
    ::= { tmnxTlsConfigObjs 9 }

tTlsClntProfileEntry OBJECT-TYPE
    SYNTAX      TTlsClntProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsClntProfileEntry is an entry (conceptual row) in the
         tTlsClntProfileTable. Each entry contains information
         pertaining to a TLS client profile. Entries in this table can
         be created and deleted via SNMP SET operations to
         tTlsClntProfileRowStatus."
    INDEX       { tTlsClntProfileName }
    ::= { tTlsClntProfileTable 1 }

TTlsClntProfileEntry ::= SEQUENCE
{
    tTlsClntProfileName           TNamedItem,
    tTlsClntProfileLastChgd       TimeStamp,
    tTlsClntProfileRowStatus      RowStatus,
    tTlsClntProfileAdminState     TmnxAdminState,
    tTlsClntProfileOperState      TmnxOperState,
    tTlsClntProfileCiphListName   TNamedItemOrEmpty,
    tTlsClntProfileCertProfile    TNamedItemOrEmpty,
    tTlsClntProfileTrstAnchrProf  TNamedItemOrEmpty
}

tTlsClntProfileName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileName specifies the name
         for a TLS client profile."
    ::= { tTlsClntProfileEntry 1 }

tTlsClntProfileLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileLastChgd indicates the
         sysUpTime at the time of the most recent management-initiated
         change to this entry."
    ::= { tTlsClntProfileEntry 2 }

tTlsClntProfileRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileRowStatus specifies the
         status of the conceptual row in tTlsClntProfileTable. Rows are
         created and destroyed by SNMP SET operations on this object.
         Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are
         supported."
    ::= { tTlsClntProfileEntry 3 }

tTlsClntProfileAdminState OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileAdminState specifies
         the administrative state of the tTlsClntProfileEntry."
    DEFVAL      { outOfService }
    ::= { tTlsClntProfileEntry 4 }

tTlsClntProfileOperState OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileOperState indicates the
         operational state of tTlsClntProfileEntry."
    ::= { tTlsClntProfileEntry 5 }

tTlsClntProfileCiphListName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileCiphListName specifies
         the ordered list of supported cipher suite codes associated
         with this TLS client profile."
    DEFVAL      { ''H }
    ::= { tTlsClntProfileEntry 6 }

tTlsClntProfileCertProfile OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileCertProfile specifies
         the Certificate Profile associated with this TLS client
         profile."
    DEFVAL      { ''H }
    ::= { tTlsClntProfileEntry 7 }

tTlsClntProfileTrstAnchrProf OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsClntProfileTrstAnchrProf specifies
         the Certificate-Authority Trust Anchor Profile associated with
         this TLS client profile. An 'inconsistentValue' error is
         returned if this object is modified when
         tTlsClntProfileAdminState is in 'inService' state."
    DEFVAL      { ''H }
    ::= { tTlsClntProfileEntry 8 }

tTlsServerCiphListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsServerCiphListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsServerCiphListTable maintains configuration of ordered
         lists of supported cipher suite codes to be sent in a Server
         Hello message by a TLS server."
    ::= { tmnxTlsConfigObjs 10 }

tTlsServerCiphListEntry OBJECT-TYPE
    SYNTAX      TTlsServerCiphListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsServerCiphListEntry is an entry (conceptual row) in
         the tTlsServerCiphListTable. Each entry represents the
         configuration for an ordered list of supported cipher suite
         codes. Entries in this table can be created and deleted via
         SNMP SET operations to tTlsServerCiphListRowStatus."
    INDEX       { tTlsServerCiphListName }
    ::= { tTlsServerCiphListTable 1 }

TTlsServerCiphListEntry ::= SEQUENCE
{
    tTlsServerCiphListName       TNamedItem,
    tTlsServerCiphListLastChgd   TimeStamp,
    tTlsServerCiphListRowStatus  RowStatus
}

tTlsServerCiphListName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsServerCiphListName specifies the
         name of an ordered list of supported cipher suite codes for a
         TLS server."
    ::= { tTlsServerCiphListEntry 1 }

tTlsServerCiphListLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsServerCiphListLastChgd indicates
         the sysUpTime at the time of the most recent
         management-initiated change to this entry."
    ::= { tTlsServerCiphListEntry 2 }

tTlsServerCiphListRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsServerCiphListRowStatus specifies
         the status of the conceptual row in tTlsServerCiphListTable.
         Rows are created and destroyed by SNMP SET operations on this
         object. Only values 'active(1)', 'createAndGo(4)' and
         'destroy(6)' are supported."
    ::= { tTlsServerCiphListEntry 3 }

tTlsSrvCiphListParamTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsSrvCiphListParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsSrvCiphListParamTable stores configuration and status
         information related to cipher suite codes which belong to ordered
         lists of cipher suite codes specified by entries in
         tTlsServerCiphListTable."
    ::= { tmnxTlsConfigObjs 11 }

tTlsSrvCiphListParamEntry OBJECT-TYPE
    SYNTAX      TTlsSrvCiphListParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsSrvCiphListParamEntry is an entry (conceptual row) in the
         tTlsSrvCiphListParamTable. Each entry contains information
         pertaining to a cipher suite code which belongs to a list
         specified by tTlsServerCiphListName. Entries in this table can be
         created and deleted via SNMP SET operations to
         tTlsSrvCiphListParamRowStatus."
    INDEX       {
        tTlsServerCiphListName,
        tTlsSrvCiphListParamIndex
    }
    ::= { tTlsSrvCiphListParamTable 1 }

TTlsSrvCiphListParamEntry ::= SEQUENCE
{
    tTlsSrvCiphListParamIndex      Unsigned32,
    tTlsSrvCiphListParamLastChgd   TimeStamp,
    tTlsSrvCiphListParamRowStatus  RowStatus,
    tTlsSrvCiphListParamSuiteCode  TTlsCipherSuiteCode
}

tTlsSrvCiphListParamIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvCiphListParamIndex specifies the
         TLS server's order of preference of a cipher suite code within
         the list specified by tTlsServerCiphListName."
    ::= { tTlsSrvCiphListParamEntry 1 }

tTlsSrvCiphListParamLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvCiphListParamLastChgd indicates the
         sysUpTime at the time of the most recent management-initiated
         change to this entry."
    ::= { tTlsSrvCiphListParamEntry 2 }

tTlsSrvCiphListParamRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvCiphListParamRowStatus specifies
         the status of the conceptual row in tTlsSrvCiphListParamTable.
         Rows are created and destroyed by SNMP SET operations on this
         object. Only values 'active(1)', 'createAndGo(4)' and
         'destroy(6)' are supported. In order for the row creation to
         succeed, the value of tTlsSrvCiphListParamSuiteCode has to be
         provided in the same SNMP SET PDU as the
         tTlsSrvCiphListParamRowStatus. Otherwise the SET request will
         fail with an 'inconsistentValue' error."
    ::= { tTlsSrvCiphListParamEntry 3 }

tTlsSrvCiphListParamSuiteCode OBJECT-TYPE
    SYNTAX      TTlsCipherSuiteCode
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvCiphListParamSuiteCode specifies
         the cipher suite code related to tTlsSrvCiphListParamIndex within
         the list specified by tTlsServerCiphListName. In order for the
         row creation to succeed, the value of
         tTlsSrvCiphListParamSuiteCode has to be provided in the same SNMP
         SET PDU as the tTlsSrvCiphListParamRowStatus. Otherwise the SET
         request will fail with an 'inconsistentValue' error. Cipher
         suites with Null cipher are no longer supported. These are
         tlsRsaWithNullMd5, tlsRsaWithNullSha and tlsRsaWithNullSha256."
    ::= { tTlsSrvCiphListParamEntry 4 }

tTlsSrvProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TTlsSrvProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsSrvProfileTable stores configuration and status
         information related to TLS server profiles."
    ::= { tmnxTlsConfigObjs 12 }

tTlsSrvProfileEntry OBJECT-TYPE
    SYNTAX      TTlsSrvProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tTlsSrvProfileEntry is an entry (conceptual row) in the
         tTlsSrvProfileTable. Each entry contains information pertaining
         to a TLS server profile.
         Entries in this table can be created and deleted via SNMP SET
         operations to tTlsSrvProfileRowStatus."
    INDEX       { tTlsSrvProfileName }
    ::= { tTlsSrvProfileTable 1 }

TTlsSrvProfileEntry ::= SEQUENCE
{
    tTlsSrvProfileName              TNamedItem,
    tTlsSrvProfileLastChgd          TimeStamp,
    tTlsSrvProfileRowStatus         RowStatus,
    tTlsSrvProfileAdminState        TmnxAdminState,
    tTlsSrvProfileOperState         TmnxOperState,
    tTlsSrvProfileCiphListName      TNamedItemOrEmpty,
    tTlsSrvProfileCertProfile       TNamedItemOrEmpty,
    tTlsSrvProfileTrstAnchrProf     TNamedItemOrEmpty,
    tTlsSrvProfileReNegotiateTimer  Unsigned32,
    tTlsSrvProfileCnListName        TNamedItemOrEmpty
}

tTlsSrvProfileName OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileName specifies the name for
         a TLS server profile."
    ::= { tTlsSrvProfileEntry 1 }

tTlsSrvProfileLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileLastChgd indicates the
         sysUpTime at the time of the most recent management-initiated
         change to this entry."
    ::= { tTlsSrvProfileEntry 2 }

tTlsSrvProfileRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileRowStatus specifies the
         status of the conceptual row in tTlsSrvProfileTable. Rows are
         created and destroyed by SNMP SET operations on this object.
         Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are
         supported."
    ::= { tTlsSrvProfileEntry 3 }

tTlsSrvProfileAdminState OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileAdminState specifies the
         administrative state of the tTlsSrvProfileEntry."
    DEFVAL      { outOfService }
    ::= { tTlsSrvProfileEntry 4 }

tTlsSrvProfileOperState OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileOperState indicates the
         operational state of tTlsSrvProfileEntry."
    ::= { tTlsSrvProfileEntry 5 }

tTlsSrvProfileCiphListName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileCiphListName specifies the
         ordered list of supported cipher suite codes associated with this
         TLS server profile."
    DEFVAL      { ''H }
    ::= { tTlsSrvProfileEntry 6 }

tTlsSrvProfileCertProfile OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileCertProfile specifies the
         Certificate Profile associated with this TLS server profile."
    DEFVAL      { ''H }
    ::= { tTlsSrvProfileEntry 7 }

tTlsSrvProfileTrstAnchrProf OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileTrstAnchrProf specifies the
         Certificate-Authority Trust Anchor Profile associated with this
         TLS server profile. An 'inconsistentValue' error is returned if
         this object is modified when tTlsSrvProfileAdminState is in
         'inService' state."
    DEFVAL      { ''H }
    ::= { tTlsSrvProfileEntry 8 }

tTlsSrvProfileReNegotiateTimer OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileReNegotiateTimer specifies
         the number of minutes before re-negotiating a new secret key used
         to encode/decode packets on the secure connection between the
         server and a client."
    DEFVAL      { 0 }
    ::= { tTlsSrvProfileEntry 9 }

tTlsSrvProfileCnListName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tTlsSrvProfileCnListName specifies the
         Common Name List associated with this TLS server profile. The
         Common Name List contains the domain names and/or IP addresses of
         all the clients that are allowed to connect to the server. Domain
         names and IP addresses are present in a client certificate in the
         'Common Name' (CN) field or in the 'Subject Alternative Name'
         (SAN) extension.
         If neither the CN nor any of the SANs corresponds to an entry in
         the CN list, the client will not be allowed to connect to the TLS
         server. If no CN list is configured, SR-OS will not take CN or
         SAN items into account during TLS client authentication."
    DEFVAL      { ''H }
    ::= { tTlsSrvProfileEntry 10 }

tmnxTlsStatistics    OBJECT IDENTIFIER ::= { tmnxTlsObjs 3 }

tmnxTlsNotifyObjects OBJECT IDENTIFIER ::= { tmnxTlsObjs 10 }

tmnxTlsVRtrID OBJECT-TYPE
    SYNTAX      TmnxVRtrID
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tmnxTlsVRtrID indicates the virtual router ID for
         TLS connection."
    ::= { tmnxTlsNotifyObjects 1 }

tmnxTlsAppId OBJECT-TYPE
    SYNTAX      INTEGER {
        other             (0),
        ldap              (1),
        grpc              (2),
        openflow          (3),
        https             (4),
        dialout-telemetry (5),
        remote-management (6)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsAppId indicates the type of the
         application using TLS connection associated with the
         notification."
    ::= { tmnxTlsNotifyObjects 2 }

tmnxTlsRole OBJECT-TYPE
    SYNTAX      INTEGER {
        server (0),
        client (1)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsRole indicates the role of the
         application using TLS connection associated with the
         notification."
    ::= { tmnxTlsNotifyObjects 3 }

tmnxTlsLocalAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsLocalAddrType indicates the type of
         the IP address stored in the object tmnxTlsLocalAddr."
    ::= { tmnxTlsNotifyObjects 4 }

tmnxTlsLocalAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsLocalAddr indicates a local IP
         address of TLS connection."
    ::= { tmnxTlsNotifyObjects 5 }

tmnxTlsLocalPort OBJECT-TYPE
    SYNTAX      TTcpUdpPort (1..65535)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsLocalPort indicates the number of a
         local IP port of TLS connection."
    ::= { tmnxTlsNotifyObjects 6 }

tmnxTlsRemoteAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsRemoteAddrType indicates the type
         of the IP address stored in the object tmnxTlsRemoteAddr."
    ::= { tmnxTlsNotifyObjects 7 }

tmnxTlsRemoteAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsRemoteAddr indicates a remote IP
         address of TLS connection."
    ::= { tmnxTlsNotifyObjects 8 }

tmnxTlsRemotePort OBJECT-TYPE
    SYNTAX      TTcpUdpPort (1..65535)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsRemotePort indicates the number of
         a remote IP port of TLS connection."
    ::= { tmnxTlsNotifyObjects 9 }

tmnxTlsConnectionState OBJECT-TYPE
    SYNTAX      INTEGER {
        initiating (0),
        connected  (1)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsConnectionState indicates the state
         of the TLS connection associated with the notification."
    ::= { tmnxTlsNotifyObjects 10 }

tmnxTlsFailureReason OBJECT-TYPE
    SYNTAX      INTEGER {
        lackOfResources       (0),
        profileNotOperational (1),
        invalidCertificate    (2),
        handshakeFailure      (3),
        badPacket             (4),
        renegotiationFailure  (5)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsFailureReason indicates the reason
         for the TLS connection failure:
         lackOfResources - Out of memory condition encountered during
             creation of the TLS connection,
         profileNotOperational - server or client TLS profile used by the
             TLS connection is not operational - it might be
             administratively down or have no operational cert profile or
             trust anchor,
         invalidCertificate - certificate received during the TLS
             handshake from a peer cannot be verified.
             The exact reason can be found in the
             tmnxAppPkiCertVerificationFailed notification,
         handshakeFailure - TLS handshake failed because there was no
             common cipher, TLS version mismatch or peer rejected our
             certificate,
         badPacket - An unexpected or corrupted packet was received,
         renegotiationFailure - A failure occurred during a renegotiation.
             The reason may be one of the reasons mentioned for
             handshakeFailure or profileNotOperational."
    ::= { tmnxTlsNotifyObjects 11 }

tmnxTlsProxyAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsProxyAddrType indicates the type of
         the IP address stored in the object tmnxTlsProxyAddr. Value
         'unknown' indicates no proxy is used for this TLS connection."
    ::= { tmnxTlsNotifyObjects 12 }

tmnxTlsProxyAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsProxyAddr indicates a proxy address
         of TLS connection. It is empty if no proxy is used."
    ::= { tmnxTlsNotifyObjects 13 }

tmnxTlsProxyPort OBJECT-TYPE
    SYNTAX      TTcpUdpPort (0 | 1..65535)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxTlsProxyPort indicates the number of a
         proxy IP port of TLS connection. The value of tmnxTlsProxyPort is
         0 when the value of tmnxTlsProxyAddrType is 'unknown'."
    ::= { tmnxTlsNotifyObjects 14 }

tmnxTlsConformance   OBJECT IDENTIFIER ::= { tmnxSRConfs 107 }

tmnxTlsCompliances   OBJECT IDENTIFIER ::= { tmnxTlsConformance 1 }

tmnxTlsComplianceV14v1 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for the management of the TLS protocol
         on Nokia SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxTlsX509CertMgmtGroup,
            tmnxTlsClientMgmtInitialGroup
        }
    ::= { tmnxTlsCompliances 1 }

tmnxTlsComplianceV15v0 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for the management of the TLS protocol
         on Nokia SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxTlsServerMgmtGroupV15v0,
            tmnxTlsNotifyObjsGroupV20v0,
            tmnxTlsNotifyGroup
        }
    ::= { tmnxTlsCompliances 2 }

tmnxTlsGroups        OBJECT IDENTIFIER ::= { tmnxTlsConformance 2 }

tmnxTlsV14v1Groups   OBJECT IDENTIFIER ::= { tmnxTlsGroups 1 }

tmnxTlsX509CertMgmtGroup OBJECT-GROUP
    OBJECTS     {
        tTlsCertProfileTblLastChgd,
        tTlsCertProfileLastChgd,
        tTlsCertProfileRowStatus,
        tTlsCertProfileAdminState,
        tTlsCertProfileOperState,
        tTlsCertProfileOperFlags,
        tTlsCertProfEntryIdTblLastChgd,
        tTlsCertProfEntryIdLastChgd,
        tTlsCertProfEntryIdRowStatus,
        tTlsCertProfEntryIdCertFile,
        tTlsCertProfEntryIdKeyFile,
        tTlsCertProfEntryIdCompChain,
        tTlsCertProfEntryIdOperFlags,
        tTlsCompChainCAProfName,
        tTlsCertChainCAProfTblLastChgd,
        tTlsCertChainCAProfLastChgd,
        tTlsCertChainCAProfRowStatus,
        tTlsTrustAnchorProfTblLastChgd,
        tTlsTrustAnchorProfLastChgd,
        tTlsTrustAnchorProfRowStatus,
        tTlsTrustAnchorCAProfDown,
        tTlsTrustAnchorsTblLastChgd,
        tTlsTrustAnchorsLastChgd,
        tTlsTrustAnchorsRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the management of X.509
         certificates on Nokia SROS series systems."
    ::= { tmnxTlsV14v1Groups 1 }

tmnxTlsClientMgmtInitialGroup OBJECT-GROUP
    OBJECTS     {
        tTlsClientCiphListTblLastChgd,
        tTlsClientCiphListLastChgd,
        tTlsClientCiphListRowStatus,
        tTlsClntCiphListParTblLastChgd,
        tTlsClntCiphListParamLastChgd,
        tTlsClntCiphListParamRowStatus,
        tTlsClntCiphListParamSuiteCode,
        tTlsClntProfileTblLastChgd,
        tTlsClntProfileLastChgd,
        tTlsClntProfileRowStatus,
        tTlsClntProfileAdminState,
        tTlsClntProfileOperState,
        tTlsClntProfileCiphListName,
        tTlsClntProfileCertProfile,
        tTlsClntProfileTrstAnchrProf
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the management of a TLS client on
         Nokia SROS series systems."
    ::= { tmnxTlsV14v1Groups 2 }

tmnxTlsV15v0Groups   OBJECT IDENTIFIER ::= { tmnxTlsGroups 2 }

tmnxTlsServerMgmtGroupV15v0 OBJECT-GROUP
    OBJECTS     {
        tTlsServerCiphListTblLastChgd,
        tTlsServerCiphListLastChgd,
        tTlsServerCiphListRowStatus,
        tTlsSrvCiphListParTblLastChgd,
        tTlsSrvCiphListParamLastChgd,
        tTlsSrvCiphListParamRowStatus,
        tTlsSrvCiphListParamSuiteCode,
        tTlsSrvProfileTblLastChgd,
        tTlsSrvProfileLastChgd,
        tTlsSrvProfileRowStatus,
        tTlsSrvProfileAdminState,
        tTlsSrvProfileOperState,
        tTlsSrvProfileCiphListName,
        tTlsSrvProfileCertProfile,
        tTlsSrvProfileTrstAnchrProf,
        tTlsSrvProfileReNegotiateTimer,
        tTlsSrvProfileCnListName
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the management of a TLS server on
         Nokia SROS series systems."
    ::= { tmnxTlsV15v0Groups 1 }

tmnxTlsNotifyObjsGroupV20v0 OBJECT-GROUP
    OBJECTS     {
        tmnxTlsVRtrID,
        tmnxTlsAppId,
        tmnxTlsRole,
        tmnxTlsLocalAddrType,
        tmnxTlsLocalAddr,
        tmnxTlsLocalPort,
        tmnxTlsRemoteAddrType,
        tmnxTlsRemoteAddr,
        tmnxTlsRemotePort,
        tmnxTlsFailureReason,
        tmnxTlsConnectionState,
        tmnxTlsProxyAddrType,
        tmnxTlsProxyAddr,
        tmnxTlsProxyPort
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting TLS notifications in revision
         20.0 on Nokia SROS series systems."
    ::= { tmnxTlsV15v0Groups 2 }

tmnxTlsNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxTlsInitiateSession,
        tmnxTlsTermination,
        tmnxTlsFailure
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting TLS feature on Nokia SROS
         systems."
    ::= { tmnxTlsV15v0Groups 3 }

tmnxTlsNotifyPrefix  OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 107 }

tmnxTlsNotifications OBJECT IDENTIFIER ::= { tmnxTlsNotifyPrefix 0 }

tmnxTlsInitiateSession NOTIFICATION-TYPE
    OBJECTS     {
        tmnxTlsVRtrID,
        tmnxTlsAppId,
        tmnxTlsRole,
        tmnxTlsLocalAddrType,
        tmnxTlsLocalAddr,
        tmnxTlsLocalPort,
        tmnxTlsRemoteAddrType,
        tmnxTlsRemoteAddr,
        tmnxTlsRemotePort,
        tmnxTlsProxyAddrType,
        tmnxTlsProxyAddr,
        tmnxTlsProxyPort,
        tmnxTlsConnectionState
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxTlsInitiateSession notification is generated when
         an attempt to create a TLS session is made. The value 'connected'
         of leaf tmnxTlsConnectionState indicates the TLS session is
         successfully created.

         [EFFECT] The TLS session is going to be created or it was
         created.

         [RECOVERY] No recovery actions are needed."
    ::= { tmnxTlsNotifications 1 }

tmnxTlsTermination NOTIFICATION-TYPE
    OBJECTS     {
        tmnxTlsVRtrID,
        tmnxTlsAppId,
        tmnxTlsRole,
        tmnxTlsLocalAddrType,
        tmnxTlsLocalAddr,
        tmnxTlsLocalPort,
        tmnxTlsRemoteAddrType,
        tmnxTlsRemoteAddr,
        tmnxTlsRemotePort,
        tmnxTlsProxyAddrType,
        tmnxTlsProxyAddr,
        tmnxTlsProxyPort
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxTlsTermination notification is generated when a
         TLS session is normally terminated. If the session is terminated
         because of a failure, a tmnxTlsFailure notification is generated
         instead.

         [EFFECT] The TLS session is terminated.

         [RECOVERY] No recovery actions are needed."
    ::= { tmnxTlsNotifications 2 }

tmnxTlsFailure NOTIFICATION-TYPE
    OBJECTS     {
        tmnxTlsVRtrID,
        tmnxTlsAppId,
        tmnxTlsRole,
        tmnxTlsLocalAddrType,
        tmnxTlsLocalAddr,
        tmnxTlsLocalPort,
        tmnxTlsRemoteAddrType,
        tmnxTlsRemoteAddr,
        tmnxTlsRemotePort,
        tmnxTlsProxyAddrType,
        tmnxTlsProxyAddr,
        tmnxTlsProxyPort,
        tmnxTlsFailureReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxTlsFailure notification is generated when an error
         occurred in a TLS session. The tmnxTlsFailureReason specifies the
         kind of error.

         [EFFECT] The TLS session is terminated.

         [RECOVERY] Corrective action should be taken based on the failure
         reason indicated by tmnxTlsFailureReason."
    ::= { tmnxTlsNotifications 3 }

END
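A defender-side way to consume the tmnxTlsFailure notification defined above, as an added example that is not part of the Nokia MIB: it decodes the varbinds with the enumerations from this module and counts repeated non-local failures per remote address. The varbind dictionary shape, the sample addresses, the local/peer split of failure reasons and the threshold are assumptions of this example.

```python
import ipaddress
from collections import Counter

# Enumerations as defined for the notify objects in this MIB.
APP_ID = {0: "other", 1: "ldap", 2: "grpc", 3: "openflow", 4: "https",
          5: "dialout-telemetry", 6: "remote-management"}
ROLE = {0: "server", 1: "client"}
FAILURE_REASON = {0: "lackOfResources", 1: "profileNotOperational",
                  2: "invalidCertificate", 3: "handshakeFailure",
                  4: "badPacket", 5: "renegotiationFailure"}
# InetAddressType (INET-ADDRESS-MIB): ipv4(1) and ipv6(2) carry packed octets.
ADDR_LEN = {1: 4, 2: 16}
# Assumed triage split, a policy choice of this example and not part of the MIB.
LOCAL_REASONS = {"lackOfResources", "profileNotOperational"}


def decode_addr(addr_type, raw):
    """Decode an InetAddressType/InetAddress pair; unknown(0) yields None."""
    if addr_type == 0:
        return None
    if ADDR_LEN.get(addr_type) != len(raw):
        raise ValueError(f"type {addr_type} does not fit {len(raw)} octets")
    return str(ipaddress.ip_address(raw))


def decode_failure(vb):
    """Turn the varbinds of one tmnxTlsFailure notification into an event."""
    reason = FAILURE_REASON[vb["tmnxTlsFailureReason"]]
    proxy = decode_addr(vb["tmnxTlsProxyAddrType"], vb["tmnxTlsProxyAddr"])
    return {
        "vrtr": vb["tmnxTlsVRtrID"],
        "app": APP_ID[vb["tmnxTlsAppId"]],
        "role": ROLE[vb["tmnxTlsRole"]],
        "local": (decode_addr(vb["tmnxTlsLocalAddrType"], vb["tmnxTlsLocalAddr"]),
                  vb["tmnxTlsLocalPort"]),
        "remote": (decode_addr(vb["tmnxTlsRemoteAddrType"], vb["tmnxTlsRemoteAddr"]),
                   vb["tmnxTlsRemotePort"]),
        # Proxy type 'unknown' means no proxy; the port is then 0.
        "proxy": (proxy, vb["tmnxTlsProxyPort"]) if proxy else None,
        "reason": reason,
        "side": "local" if reason in LOCAL_REASONS else "peer-or-negotiation",
    }


def repeated_peer_failures(events, threshold=3):
    """Remotes with >= threshold non-local failures while the node was server."""
    hits = Counter((e["remote"][0], e["app"], e["reason"]) for e in events
                   if e["role"] == "server" and e["side"] != "local")
    return {key: n for key, n in hits.items() if n >= threshold}


def sample_varbinds(remote, reason, app=4, role=0, rport=50000):
    """Constructed varbinds, keyed by object name as a MIB-aware receiver would."""
    return {
        "tmnxTlsVRtrID": 1, "tmnxTlsAppId": app, "tmnxTlsRole": role,
        "tmnxTlsLocalAddrType": 1, "tmnxTlsLocalPort": 443,
        "tmnxTlsLocalAddr": ipaddress.ip_address("192.0.2.1").packed,
        "tmnxTlsRemoteAddrType": 1, "tmnxTlsRemotePort": rport,
        "tmnxTlsRemoteAddr": ipaddress.ip_address(remote).packed,
        "tmnxTlsProxyAddrType": 0, "tmnxTlsProxyAddr": b"", "tmnxTlsProxyPort": 0,
        "tmnxTlsFailureReason": reason,
    }


# Constructed sample: three handshake failures from one remote, two unrelated events.
SAMPLES = [sample_varbinds("198.51.100.7", 3, rport=50000 + i) for i in range(3)]
SAMPLES += [sample_varbinds("198.51.100.9", 2), sample_varbinds("203.0.113.5", 1, app=2)]
EVENTS = [decode_failure(vb) for vb in SAMPLES]
```

Failures classed as local (lackOfResources, profileNotOperational) are left out of the per-remote count because they describe the node's own state rather than the peer's behaviour.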