-- ****************************************************************************
|
|
-- ****************************************************************************
|
|
-- Copyright(c) 2004 Mediatrix Telecom, Inc.
|
|
-- NOTICE:
|
|
-- This document contains information that is confidential and proprietary
|
|
-- to Mediatrix Telecom, Inc.
|
|
-- Mediatrix Telecom, Inc. reserves all rights to this document as well as
|
|
-- to the Intellectual Property of the document and the technology and
|
|
-- know-how that it includes and represents.
|
|
-- This publication cannot be reproduced, neither in whole nor in part in
|
|
-- any form whatsoever without written prior approval by
|
|
-- Mediatrix Telecom, Inc.
|
|
-- Mediatrix Telecom, Inc. reserves the right to revise this publication
|
|
-- and make changes at any time and without the obligation to notify any
|
|
-- person and/or entity of such revisions and/or changes.
|
|
-- ****************************************************************************
|
|
-- ****************************************************************************
|
|
|
|
MX-CERT-MIB
|
|
DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MxEnableState,
|
|
MxActivationState,
|
|
MxIpHostName,
|
|
MxIpAddress,
|
|
MxIpPort,
|
|
MxAdvancedIpPort,
|
|
MxIpSubnetMask,
|
|
MxDigitMap
|
|
FROM MX-TC
|
|
MxUInt64,
|
|
MxFloat32,
|
|
MxIpHostNamePort,
|
|
MxIpAddr,
|
|
MxIpAddrPort,
|
|
MxIpAddrMask,
|
|
MxUri,
|
|
MxUrl
|
|
FROM MX-TC2
|
|
mediatrixServices
|
|
FROM MX-SMI2;
|
|
|
|
certMIB MODULE-IDENTITY
|
|
LAST-UPDATED "1910210000Z"
|
|
ORGANIZATION " Mediatrix Telecom, Inc. "
|
|
CONTACT-INFO " Mediatrix Telecom, Inc.
|
|
4229, Garlock Street
|
|
Sherbrooke (Quebec)
|
|
Canada
|
|
Phone: (819) 829-8749
|
|
"
|
|
DESCRIPTION " Certificate Manager
|
|
|
|
The Certificate Manager (Cert) service manages the security
|
|
certificates used for the authentication of the unit and its
|
|
peers before establishing a secure connection.
|
|
"
|
|
::= { mediatrixServices 2300 }
|
|
|
|
certMIBObjects OBJECT IDENTIFIER ::= { certMIB 1 }
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Certificates
|
|
|
|
-- ****************************************************************************
|
|
|
|
certificateInfoGroup OBJECT IDENTIFIER
|
|
::= { certMIBObjects 100 }
|
|
-- ***************************************************************************
|
|
|
|
-- Table:Host Certificates
|
|
|
|
-- ***************************************************************************
|
|
|
|
hostCertificatesInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HostCertificatesInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Host Certificates
|
|
|
|
This table contains information about each certificate used to
|
|
certify the host system.
|
|
"
|
|
::= { certificateInfoGroup 100 }
|
|
hostCertificatesInfoEntry OBJECT-TYPE
|
|
SYNTAX HostCertificatesInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Host Certificates. "
|
|
INDEX {
|
|
hostCertificatesInfoFileName
|
|
}
|
|
|
|
::= { hostCertificatesInfoTable 1 }
|
|
|
|
HostCertificatesInfoEntry ::= SEQUENCE
|
|
{
|
|
hostCertificatesInfoFileName OCTET STRING,
|
|
hostCertificatesInfoIssuedTo OCTET STRING,
|
|
hostCertificatesInfoIssuedBy OCTET STRING,
|
|
hostCertificatesInfoValidFrom OCTET STRING,
|
|
hostCertificatesInfoValidTo OCTET STRING,
|
|
hostCertificatesInfoUsage OCTET STRING,
|
|
hostCertificatesInfoDelete INTEGER
|
|
}
|
|
|
|
-- Index:File Name
|
|
|
|
hostCertificatesInfoFileName OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " File Name
|
|
|
|
Certificate file name.
|
|
"
|
|
::= { hostCertificatesInfoEntry 100 }
|
|
|
|
-- Columnar:Issued To
|
|
|
|
hostCertificatesInfoIssuedTo OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Issued To
|
|
|
|
Certificate subject name. This is the common name that must
|
|
match the host being authenticated.
|
|
"
|
|
::= { hostCertificatesInfoEntry 200 }
|
|
|
|
-- Columnar:Issued By
|
|
|
|
hostCertificatesInfoIssuedBy OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Issued By
|
|
|
|
Certificate issuer name. This is the certificate authority
|
|
that signed this certificate.
|
|
"
|
|
::= { hostCertificatesInfoEntry 300 }
|
|
|
|
-- Columnar:Valid From
|
|
|
|
hostCertificatesInfoValidFrom OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Valid From
|
|
|
|
Lower bound (start) of the certificate validity period.
|
|
"
|
|
::= { hostCertificatesInfoEntry 400 }
|
|
|
|
-- Columnar:Valid To
|
|
|
|
hostCertificatesInfoValidTo OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Valid To
|
|
|
|
Upper bound (end) of the certificate validity period.
|
|
"
|
|
::= { hostCertificatesInfoEntry 500 }
|
|
|
|
-- Columnar:Usage
|
|
|
|
hostCertificatesInfoUsage OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Usage
|
|
|
|
Identifies in which role or context a certificate can be used
|
|
by the host it authenticates.
|
|
|
|
* TlsClient: The certificate identifies a TLS client. A
|
|
host authenticated by this kind of certificate can act as
|
|
a client in a SIP over TLS connection when mutual
|
|
authentication is required by the server.
|
|
* TlsServer: The certificate identifies a TLS server. A
|
|
host authenticated by this kind of certificate can serve
|
|
files or web pages using the HTTPS protocol or can act as
|
|
a server in a SIP over TLS connection.
|
|
|
|
"
|
|
::= { hostCertificatesInfoEntry 550 }
|
|
|
|
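-- Row command:Delete
-- NOTE(review): this column is read-write, so any manager with SNMP write
-- access can remove a host certificate by setting delete(10). Limit writes to
-- authenticated, encrypted SNMPv3 users and log sets to this object.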
|
|
|
|
hostCertificatesInfoDelete OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), delete(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Delete
|
|
|
|
Removes the certificate from the unit.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { hostCertificatesInfoEntry 600 }
|
|
|
|
-- End of table:Host Certificates
|
|
|
|
-- ***************************************************************************
|
|
|
|
-- Table:Others Certificates
|
|
|
|
-- ***************************************************************************
|
|
|
|
othersCertificatesInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF OthersCertificatesInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Others Certificates
|
|
|
|
This table contains information about the trusted root and
|
|
intermediate certificate authorities to validate remote
|
|
systems.
|
|
|
|
A certificate file may also concatenate all the certificates
|
|
of the chain. In that case, the order is important and the
|
|
file must begin with the root certificate, followed by
|
|
ordered intermediate certificates.
|
|
|
|
"
|
|
::= { certificateInfoGroup 200 }
|
|
othersCertificatesInfoEntry OBJECT-TYPE
|
|
SYNTAX OthersCertificatesInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Others Certificates. "
|
|
INDEX {
|
|
othersCertificatesInfoFileName
|
|
}
|
|
|
|
::= { othersCertificatesInfoTable 1 }
|
|
|
|
OthersCertificatesInfoEntry ::= SEQUENCE
|
|
{
|
|
othersCertificatesInfoFileName OCTET STRING,
|
|
othersCertificatesInfoIssuedTo OCTET STRING,
|
|
othersCertificatesInfoIssuedBy OCTET STRING,
|
|
othersCertificatesInfoValidFrom OCTET STRING,
|
|
othersCertificatesInfoValidTo OCTET STRING,
|
|
othersCertificatesInfoUsage OCTET STRING,
|
|
othersCertificatesInfoCertificateAuthority INTEGER,
|
|
othersCertificatesInfoDelete INTEGER
|
|
}
|
|
|
|
-- Index:File Name
|
|
|
|
othersCertificatesInfoFileName OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " File Name
|
|
|
|
Certificate file name.
|
|
"
|
|
::= { othersCertificatesInfoEntry 100 }
|
|
|
|
-- Columnar:Issued To
|
|
|
|
othersCertificatesInfoIssuedTo OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Issued To
|
|
|
|
Certificate subject name. This is the common name that must
|
|
match the host being authenticated.
|
|
"
|
|
::= { othersCertificatesInfoEntry 200 }
|
|
|
|
-- Columnar:Issued By
|
|
|
|
othersCertificatesInfoIssuedBy OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Issued By
|
|
|
|
Certificate issuer name. This is the certificate authority
|
|
that signed this certificate.
|
|
"
|
|
::= { othersCertificatesInfoEntry 300 }
|
|
|
|
-- Columnar:Valid From
|
|
|
|
othersCertificatesInfoValidFrom OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Valid From
|
|
|
|
Lower bound (start) of the certificate validity period.
|
|
"
|
|
::= { othersCertificatesInfoEntry 400 }
|
|
|
|
-- Columnar:Valid To
|
|
|
|
othersCertificatesInfoValidTo OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Valid To
|
|
|
|
Upper bound (end) of the certificate validity period.
|
|
"
|
|
::= { othersCertificatesInfoEntry 500 }
|
|
|
|
-- Columnar:Usage
|
|
|
|
othersCertificatesInfoUsage OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Usage
|
|
|
|
Identifies in which role or context a certificate can be used
|
|
by the host it authenticates.
|
|
|
|
* TlsClient: The certificate identifies a TLS client. A
|
|
host authenticated by this kind of certificate can act as
|
|
a client in a SIP over TLS connection when mutual
|
|
authentication is required by the server.
|
|
* TlsServer: The certificate identifies a TLS server. A
|
|
host authenticated by this kind of certificate can serve
|
|
files or web pages using the HTTPS protocol or can act as
|
|
a server in a SIP over TLS connection.
|
|
|
|
"
|
|
::= { othersCertificatesInfoEntry 550 }
|
|
|
|
-- Columnar:CertificateAuthority
|
|
|
|
othersCertificatesInfoCertificateAuthority OBJECT-TYPE
|
|
SYNTAX INTEGER { yes(100) , no(200) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " CertificateAuthority
|
|
|
|
Indicates if the certificate is a CA certificate.
|
|
|
|
* Yes: The certificate is a CA certificate.
|
|
* No: The certificate is not a CA certificate.
|
|
|
|
"
|
|
DEFVAL { yes }
|
|
::= { othersCertificatesInfoEntry 600 }
|
|
|
|
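-- Row command:Delete
-- NOTE(review): this column is read-write, so any manager with SNMP write
-- access can remove a trusted root or intermediate CA certificate by setting
-- delete(10), which changes which remote systems the unit can validate.
-- Limit writes to authenticated, encrypted SNMPv3 users and log sets to
-- this object.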
|
|
|
|
othersCertificatesInfoDelete OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), delete(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Delete
|
|
|
|
Removes the certificate from the unit.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { othersCertificatesInfoEntry 700 }
|
|
|
|
-- End of table:Others Certificates
|
|
|
|
-- ***************************************************************************
|
|
|
|
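-- Table:Host Certificate Association
-- NOTE(review): every service column below has DEFVAL { enable }, so a host
-- certificate is usable by all ten listed services unless columns are
-- changed. Consider enabling only the services that need a given certificate.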
|
|
|
|
-- ***************************************************************************
|
|
|
|
hostCertificateAssociationTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HostCertificateAssociationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Host Certificate Association
|
|
|
|
This table contains information about which services can use
|
|
the host certificates.
|
|
"
|
|
::= { certificateInfoGroup 300 }
|
|
hostCertificateAssociationEntry OBJECT-TYPE
|
|
SYNTAX HostCertificateAssociationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Host Certificate Association. "
|
|
INDEX {
|
|
hostCertificateAssociationFileName
|
|
}
|
|
|
|
::= { hostCertificateAssociationTable 1 }
|
|
|
|
HostCertificateAssociationEntry ::= SEQUENCE
|
|
{
|
|
hostCertificateAssociationFileName OCTET STRING,
|
|
hostCertificateAssociationSip MxEnableState,
|
|
hostCertificateAssociationWeb MxEnableState,
|
|
hostCertificateAssociationEap MxEnableState,
|
|
hostCertificateAssociationConf MxEnableState,
|
|
hostCertificateAssociationFpu MxEnableState,
|
|
hostCertificateAssociationFile MxEnableState,
|
|
hostCertificateAssociationCert MxEnableState,
|
|
hostCertificateAssociationSbc MxEnableState,
|
|
hostCertificateAssociationCwmp MxEnableState,
|
|
hostCertificateAssociationNlm MxEnableState
|
|
}
|
|
|
|
-- Index:File Name
|
|
|
|
hostCertificateAssociationFileName OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " File Name
|
|
|
|
Certificate file name.
|
|
"
|
|
::= { hostCertificateAssociationEntry 100 }
|
|
|
|
-- Columnar:CWMP
|
|
|
|
hostCertificateAssociationCwmp OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " CWMP
|
|
|
|
Specifies if this certificate can be used for Cwmp security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 1000 }
|
|
|
|
-- Columnar:NLM
|
|
|
|
hostCertificateAssociationNlm OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " NLM
|
|
|
|
Specifies if this certificate can be used for Nlm security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 1100 }
|
|
|
|
-- Columnar:SIP
|
|
|
|
hostCertificateAssociationSip OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " SIP
|
|
|
|
Specifies if this certificate can be used for SIP security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 200 }
|
|
|
|
-- Columnar:WEB
|
|
|
|
hostCertificateAssociationWeb OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " WEB
|
|
|
|
Specifies if this certificate can be used for Web security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 300 }
|
|
|
|
-- Columnar:EAP
|
|
|
|
hostCertificateAssociationEap OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " EAP
|
|
|
|
Specifies if this certificate can be used for EAP security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 400 }
|
|
|
|
-- Columnar:CONF
|
|
|
|
hostCertificateAssociationConf OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " CONF
|
|
|
|
Specifies if this certificate can be used for Conf security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 500 }
|
|
|
|
-- Columnar:FPU
|
|
|
|
hostCertificateAssociationFpu OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " FPU
|
|
|
|
Specifies if this certificate can be used for Fpu security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 600 }
|
|
|
|
-- Columnar:FILE
|
|
|
|
hostCertificateAssociationFile OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " FILE
|
|
|
|
Specifies if this certificate can be used for File security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 700 }
|
|
|
|
-- Columnar:CERT
|
|
|
|
hostCertificateAssociationCert OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " CERT
|
|
|
|
Specifies if this certificate can be used for Cert security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 800 }
|
|
|
|
-- Columnar:SBC
|
|
|
|
hostCertificateAssociationSbc OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " SBC
|
|
|
|
Specifies if this certificate can be used for Sbc security.
|
|
"
|
|
DEFVAL { enable }
|
|
::= { hostCertificateAssociationEntry 900 }
|
|
|
|
-- End of table:Host Certificate Association
|
|
|
|
-- ***************************************************************************
|
|
|
|
-- Table:Certificate Authorities
|
|
|
|
-- ***************************************************************************
|
|
|
|
certificateAuthoritiesTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CertificateAuthoritiesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Certificate Authorities
|
|
|
|
This table contains information specific to certificate
|
|
authority (CA) files.
|
|
|
|
A certificate file may also concatenate all the certificates
|
|
of the chain. In that case, the order is important and the
|
|
file must begin with the root certificate, followed by
|
|
ordered intermediate certificates.
|
|
|
|
"
|
|
::= { certificateInfoGroup 400 }
|
|
certificateAuthoritiesEntry OBJECT-TYPE
|
|
SYNTAX CertificateAuthoritiesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Certificate Authorities. "
|
|
INDEX {
|
|
certificateAuthoritiesFileName
|
|
}
|
|
|
|
::= { certificateAuthoritiesTable 1 }
|
|
|
|
CertificateAuthoritiesEntry ::= SEQUENCE
|
|
{
|
|
certificateAuthoritiesFileName OCTET STRING,
|
|
certificateAuthoritiesOverrideIssuedCertificateOcspUrl OCTET STRING
|
|
}
|
|
|
|
-- Index:File Name
|
|
|
|
certificateAuthoritiesFileName OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " File Name
|
|
|
|
Certificate authority (CA) file name.
|
|
"
|
|
::= { certificateAuthoritiesEntry 100 }
|
|
|
|
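-- Columnar:Override Issued Certificate OCSP URL
-- NOTE(review): this column is read-write and, when set, replaces the OCSP
-- URL carried in each certificate issued by this CA. Treat write access as
-- control over revocation checking: restrict it to authenticated, encrypted
-- SNMPv3 users. Both documented formats are plain http; whether the unit
-- verifies the OCSP response signature is not stated here and should be
-- confirmed.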
|
|
|
|
certificateAuthoritiesOverrideIssuedCertificateOcspUrl OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..512) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Override Issued Certificate OCSP URL
|
|
|
|
Defines a specific OCSP URL to use for certificate revocation
|
|
status of certificates issued by this certificate authority
|
|
(CA).
|
|
|
|
The URL should follow one of these formats:
|
|
|
|
http://hostname[:port]
|
|
|
|
http://hostname/path/filename.xxx
|
|
|
|
Note: The default empty value means that the OCSP URL present
|
|
in the certificate to verify will be used for checking its
|
|
revocation status.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { certificateAuthoritiesEntry 200 }
|
|
|
|
-- End of table:Certificate Authorities
|
|
|
|
-- End of group:Certificates
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Transfer group
|
|
|
|
-- Configuration relative to file transfers.
|
|
-- ****************************************************************************
|
|
|
|
transferGroup OBJECT IDENTIFIER
|
|
::= { certMIBObjects 500 }
|
|
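-- Scalar:Transfer HTTPS Cipher Suite
-- NOTE(review): the default, cS1, still offers RC4 and 3DES suites, including
-- one with an MD5-based MAC; RC4 is prohibited for TLS by RFC 7465. cS2 drops
-- RC4 but keeps 3DES and CBC-only suites. Only cS3 lists AEAD (GCM) and ECDHE
-- suites, so prefer cS3 wherever the transfer servers support it.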
|
|
|
|
transferHttpsCipherSuite OBJECT-TYPE
|
|
SYNTAX INTEGER { cS1(100) , cS2(200) , cS3(300) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Transfer HTTPS Cipher Suite
|
|
|
|
Defines the allowed cipher suites for the network security
|
|
settings when using the HTTPS transfer protocol. When the
|
|
device initiates an HTTPS connection to a server it will
|
|
negotiate the cipher suite according to its configuration.
|
|
|
|
* CS1:
|
|
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
|
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA
|
|
+ TLS_RSA_WITH_AES_256_CBC_SHA
|
|
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
|
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
|
|
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
|
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
|
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA
|
|
+ TLS_RSA_WITH_AES_128_CBC_SHA
|
|
+ TLS_RSA_WITH_RC4_128_SHA
|
|
+ TLS_RSA_WITH_RC4_128_MD5
|
|
* CS2:
|
|
+ TLS_RSA_WITH_AES_128_CBC_SHA
|
|
+ TLS_RSA_WITH_AES_256_CBC_SHA
|
|
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
|
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
|
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
|
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
|
* CS3:
|
|
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
|
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
|
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
|
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
|
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
|
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
|
+ TLS_RSA_WITH_AES_256_GCM_SHA384
|
|
+ TLS_RSA_WITH_AES_256_CBC_SHA256
|
|
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
|
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
|
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
|
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
|
+ TLS_RSA_WITH_AES_128_GCM_SHA256
|
|
+ TLS_RSA_WITH_AES_128_CBC_SHA256
|
|
|
|
"
|
|
DEFVAL { cS1 }
|
|
::= { transferGroup 100 }
|
|
|
|
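-- Scalar:TLS Version
-- NOTE(review): sSLv3 permits SSL 3.0, deprecated by RFC 7568, and the default
-- tLSv1 still permits TLS 1.0 and 1.1, deprecated by RFC 8996. Set tLSv1-2
-- wherever the transfer servers support it. As the DESCRIPTION states, the
-- minimum is enforced by closing the connection after the server has chosen
-- a version.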
|
|
|
|
transferHttpsTlsVersion OBJECT-TYPE
|
|
SYNTAX INTEGER { sSLv3(100) , tLSv1(200) , tLSv1-1(300) , tLSv1-2
|
|
(400) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " TLS Version
|
|
|
|
Defines the allowed TLS version for the network security
|
|
settings when using the HTTPS transfer protocol. When the
|
|
device initiates an HTTPS connection to a server it will
|
|
negotiate the TLS version according to its configuration.
|
|
|
|
* SSLv3: Allow SSL version 3 and all TLS versions.
|
|
* TLSv1: Allow TLS versions 1 and up.
|
|
* TLSv1_1: Allow TLS versions 1.1 and up.
|
|
* TLSv1_2: Allow TLS versions 1.2 and up.
|
|
|
|
The device will always send its highest supported TLS version
|
|
in the ClientHello message. The server will select the highest
|
|
TLS version it supports from the ClientHello
|
|
message. The device will then validate that the selected
|
|
version is allowed. If the version is not allowed the device
|
|
will close the connection.
|
|
|
|
"
|
|
DEFVAL { tLSv1 }
|
|
::= { transferGroup 200 }
|
|
|
|
-- End of group:Transfer group
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Notification Messages Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
notificationsGroup OBJECT IDENTIFIER
|
|
::= { certMIBObjects 60010 }
|
|
-- Scalar:Minimal Severity of Notification
|
|
|
|
minSeverity OBJECT-TYPE
|
|
SYNTAX INTEGER { disable(0) , debug(100) , info(200) , warning(300) ,
|
|
error(400) , critical (500) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Minimal Severity of Notification
|
|
|
|
Sets the minimal severity to issue a notification message
|
|
incoming from this service.
|
|
|
|
* Disable: No notification is issued.
|
|
* Debug: All notification messages are issued.
|
|
* Info: Notification messages with an 'Informational' and
|
|
higher severity are issued.
|
|
* Warning: Notification messages with a 'Warning' and higher
|
|
severity are issued.
|
|
* Error: Notification messages with an 'Error' and higher
|
|
severity are issued.
|
|
* Critical: Notification messages with a 'Critical' severity
|
|
are issued.
|
|
|
|
"
|
|
DEFVAL { warning }
|
|
::= { notificationsGroup 100 }
|
|
|
|
-- End of group:Notification Messages Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Configuration Settings
|
|
|
|
-- ****************************************************************************
|
|
|
|
configurationGroup OBJECT IDENTIFIER
|
|
::= { certMIBObjects 60020 }
|
|
-- Scalar:Need Restart
|
|
|
|
needRestartInfo OBJECT-TYPE
|
|
SYNTAX INTEGER { no(0) , yes(100) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Need Restart
|
|
|
|
Indicates if the service needs to be restarted for the
|
|
configuration to fully take effect.
|
|
|
|
* Yes: Service needs to be restarted.
|
|
* No: Service does not need to be restarted.
|
|
|
|
Services can be restarted by using the
|
|
Scm.ServiceCommands.Restart command.
|
|
|
|
"
|
|
::= { configurationGroup 100 }
|
|
|
|
-- End of group:Configuration Settings
|
|
|
|
END
|