@pulumi/f5bigip 3.4.1

package/ltm/profileClientSsl.d.ts

@@ -0,0 +1,725 @@
+import * as pulumi from "@pulumi/pulumi";
+import { input as inputs, output as outputs } from "../types";
+/**
+ * `f5bigip.ltm.ProfileClientSsl` Manages client SSL profiles on a BIG-IP
+ *
+ * Resources should be named with their "full path". The full path is the combination of the partition + name (example: /Common/my-pool ) or  partition + directory + name of the resource  (example: /Common/test/my-pool )
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as f5bigip from "@pulumi/f5bigip";
+ *
+ * const test_ClientSsl = new f5bigip.ltm.ProfileClientSsl("test-ClientSsl", {
+ *     authenticate: "always",
+ *     ciphers: "DEFAULT",
+ *     defaultsFrom: "/Common/clientssl",
+ *     name: "/Common/test-ClientSsl",
+ * });
+ * ```
+ */
+export declare class ProfileClientSsl extends pulumi.CustomResource {
+    /**
+     * Get an existing ProfileClientSsl resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProfileClientSslState, opts?: pulumi.CustomResourceOptions): ProfileClientSsl;
+    /**
+     * Returns true if the given object is an instance of ProfileClientSsl.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is ProfileClientSsl;
+    /**
+     * Alert time out
+     */
+    readonly alertTimeout: pulumi.Output<string>;
+    /**
+     * Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
+     */
+    readonly allowNonSsl: pulumi.Output<string>;
+    /**
+     * Specifies the frequency of client authentication for an SSL session.When `once`,specifies that the system authenticates the client once for an SSL session.
+     * When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
+     */
+    readonly authenticate: pulumi.Output<string>;
+    /**
+     * Specifies the maximum number of certificates to be traversed in a client certificate chain
+     */
+    readonly authenticateDepth: pulumi.Output<number>;
+    /**
+     * Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
+     */
+    readonly c3dClientFallbackCert: pulumi.Output<string>;
+    /**
+     * Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
+     */
+    readonly c3dDropUnknownOcspStatus: pulumi.Output<string>;
+    /**
+     * Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
+     */
+    readonly c3dOcsp: pulumi.Output<string>;
+    /**
+     * Client certificate file path. Default None.
+     */
+    readonly caFile: pulumi.Output<string>;
+    /**
+     * Cache size (sessions).
+     */
+    readonly cacheSize: pulumi.Output<number>;
+    /**
+     * Cache time out
+     */
+    readonly cacheTimeout: pulumi.Output<number>;
+    /**
+     * Specifies a cert name for use.
+     */
+    readonly cert: pulumi.Output<string>;
+    /**
+     * Cert extension includes for ssl forward proxy
+     */
+    readonly certExtensionIncludes: pulumi.Output<string[]>;
+    readonly certKeyChains: pulumi.Output<outputs.ltm.ProfileClientSslCertKeyChain[]>;
+    /**
+     * Life span of the certificate in days for ssl forward proxy
+     */
+    readonly certLifeSpan: pulumi.Output<number>;
+    /**
+     * Cert lookup by ip address and port enabled / disabled
+     */
+    readonly certLookupByIpaddrPort: pulumi.Output<string>;
+    /**
+     * Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
+     */
+    readonly chain: pulumi.Output<string>;
+    /**
+     * Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
+     */
+    readonly ciphers: pulumi.Output<string>;
+    /**
+     * client certificate name
+     */
+    readonly clientCertCa: pulumi.Output<string>;
+    /**
+     * Certificate revocation file name
+     */
+    readonly crlFile: pulumi.Output<string>;
+    /**
+     * Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It Should Full path `/partition/profile_name`
+     */
+    readonly defaultsFrom: pulumi.Output<string | undefined>;
+    /**
+     * Forward proxy bypass default action. (enabled / disabled)
+     */
+    readonly forwardProxyBypassDefaultAction: pulumi.Output<string>;
+    /**
+     * full path of the profile
+     */
+    readonly fullPath: pulumi.Output<string>;
+    /**
+     * generation
+     */
+    readonly generation: pulumi.Output<number>;
+    /**
+     * Generic alerts enabled / disabled.
+     */
+    readonly genericAlert: pulumi.Output<string>;
+    /**
+     * Handshake time out (seconds)
+     */
+    readonly handshakeTimeout: pulumi.Output<string>;
+    /**
+     * Inherit cert key chain
+     */
+    readonly inheritCertKeychain: pulumi.Output<string>;
+    /**
+     * Contains a key name
+     */
+    readonly key: pulumi.Output<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    readonly modSslMethods: pulumi.Output<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    readonly mode: pulumi.Output<string>;
+    /**
+     * Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the `partition + profile name`,For example `/Common/test-clientssl-profile`.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * name of partition
+     */
+    readonly partition: pulumi.Output<string>;
+    /**
+     * Client Certificate Constrained Delegation CA passphrase
+     */
+    readonly passphrase: pulumi.Output<string>;
+    /**
+     * Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
+     */
+    readonly peerCertMode: pulumi.Output<string>;
+    /**
+     * Proxy CA Cert
+     */
+    readonly proxyCaCert: pulumi.Output<string>;
+    /**
+     * Proxy CA Key
+     */
+    readonly proxyCaKey: pulumi.Output<string>;
+    /**
+     * Proxy CA Passphrase
+     */
+    readonly proxyCaPassphrase: pulumi.Output<string>;
+    /**
+     * Proxy SSL enabled / disabled. Default is disabled.
+     */
+    readonly proxySsl: pulumi.Output<string>;
+    /**
+     * Proxy SSL passthrough enabled / disabled. Default is disabled.
+     */
+    readonly proxySslPassthrough: pulumi.Output<string>;
+    /**
+     * Renogotiate Period (seconds)
+     */
+    readonly renegotiatePeriod: pulumi.Output<string>;
+    /**
+     * Renogotiate Size
+     */
+    readonly renegotiateSize: pulumi.Output<string>;
+    /**
+     * Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
+     */
+    readonly renegotiation: pulumi.Output<string>;
+    /**
+     * When `true`, client certificate is retained in SSL session.
+     */
+    readonly retainCertificate: pulumi.Output<string>;
+    /**
+     * Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
+     * When `request` is set the system request secure renegotation of SSL connections.
+     * `require` is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
+     * The `require-strict` setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
+     */
+    readonly secureRenegotiation: pulumi.Output<string>;
+    /**
+     * Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk `*` character.
+     */
+    readonly serverName: pulumi.Output<string>;
+    /**
+     * Session Mirroring (enabled / disabled)
+     */
+    readonly sessionMirroring: pulumi.Output<string>;
+    /**
+     * Session Ticket (enabled / disabled)
+     */
+    readonly sessionTicket: pulumi.Output<string>;
+    /**
+     * Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile.
+     * There can be only one SSL profile with this setting enabled.
+     */
+    readonly sniDefault: pulumi.Output<string>;
+    /**
+     * Requires that the network peers also provide SNI support, this setting only takes effect when `sniDefault` is set to `true`.When creating a new profile, the setting is provided by the parent profile
+     */
+    readonly sniRequire: pulumi.Output<string>;
+    /**
+     * Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
+     */
+    readonly sslC3d: pulumi.Output<string>;
+    /**
+     * Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
+     */
+    readonly sslForwardProxy: pulumi.Output<string>;
+    /**
+     * Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
+     */
+    readonly sslForwardProxyBypass: pulumi.Output<string>;
+    /**
+     * SSL sign hash (any, sha1, sha256, sha384)
+     */
+    readonly sslSignHash: pulumi.Output<string>;
+    /**
+     * Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
+     */
+    readonly strictResume: pulumi.Output<string>;
+    /**
+     * List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
+     * Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions    = ["dont-insert-empty-fragments","no-tlsv1.3"]
+     */
+    readonly tmOptions: pulumi.Output<string[]>;
+    /**
+     * Unclean Shutdown (enabled / disabled)
+     */
+    readonly uncleanShutdown: pulumi.Output<string>;
+    /**
+     * Create a ProfileClientSsl resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: ProfileClientSslArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering ProfileClientSsl resources.
+ */
+export interface ProfileClientSslState {
+    /**
+     * Alert time out
+     */
+    alertTimeout?: pulumi.Input<string>;
+    /**
+     * Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
+     */
+    allowNonSsl?: pulumi.Input<string>;
+    /**
+     * Specifies the frequency of client authentication for an SSL session.When `once`,specifies that the system authenticates the client once for an SSL session.
+     * When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
+     */
+    authenticate?: pulumi.Input<string>;
+    /**
+     * Specifies the maximum number of certificates to be traversed in a client certificate chain
+     */
+    authenticateDepth?: pulumi.Input<number>;
+    /**
+     * Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
+     */
+    c3dClientFallbackCert?: pulumi.Input<string>;
+    /**
+     * Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
+     */
+    c3dDropUnknownOcspStatus?: pulumi.Input<string>;
+    /**
+     * Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
+     */
+    c3dOcsp?: pulumi.Input<string>;
+    /**
+     * Client certificate file path. Default None.
+     */
+    caFile?: pulumi.Input<string>;
+    /**
+     * Cache size (sessions).
+     */
+    cacheSize?: pulumi.Input<number>;
+    /**
+     * Cache time out
+     */
+    cacheTimeout?: pulumi.Input<number>;
+    /**
+     * Specifies a cert name for use.
+     */
+    cert?: pulumi.Input<string>;
+    /**
+     * Cert extension includes for ssl forward proxy
+     */
+    certExtensionIncludes?: pulumi.Input<pulumi.Input<string>[]>;
+    certKeyChains?: pulumi.Input<pulumi.Input<inputs.ltm.ProfileClientSslCertKeyChain>[]>;
+    /**
+     * Life span of the certificate in days for ssl forward proxy
+     */
+    certLifeSpan?: pulumi.Input<number>;
+    /**
+     * Cert lookup by ip address and port enabled / disabled
+     */
+    certLookupByIpaddrPort?: pulumi.Input<string>;
+    /**
+     * Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
+     */
+    chain?: pulumi.Input<string>;
+    /**
+     * Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
+     */
+    ciphers?: pulumi.Input<string>;
+    /**
+     * client certificate name
+     */
+    clientCertCa?: pulumi.Input<string>;
+    /**
+     * Certificate revocation file name
+     */
+    crlFile?: pulumi.Input<string>;
+    /**
+     * Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It Should Full path `/partition/profile_name`
+     */
+    defaultsFrom?: pulumi.Input<string>;
+    /**
+     * Forward proxy bypass default action. (enabled / disabled)
+     */
+    forwardProxyBypassDefaultAction?: pulumi.Input<string>;
+    /**
+     * full path of the profile
+     */
+    fullPath?: pulumi.Input<string>;
+    /**
+     * generation
+     */
+    generation?: pulumi.Input<number>;
+    /**
+     * Generic alerts enabled / disabled.
+     */
+    genericAlert?: pulumi.Input<string>;
+    /**
+     * Handshake time out (seconds)
+     */
+    handshakeTimeout?: pulumi.Input<string>;
+    /**
+     * Inherit cert key chain
+     */
+    inheritCertKeychain?: pulumi.Input<string>;
+    /**
+     * Contains a key name
+     */
+    key?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    modSslMethods?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    mode?: pulumi.Input<string>;
+    /**
+     * Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the `partition + profile name`,For example `/Common/test-clientssl-profile`.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * name of partition
+     */
+    partition?: pulumi.Input<string>;
+    /**
+     * Client Certificate Constrained Delegation CA passphrase
+     */
+    passphrase?: pulumi.Input<string>;
+    /**
+     * Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
+     */
+    peerCertMode?: pulumi.Input<string>;
+    /**
+     * Proxy CA Cert
+     */
+    proxyCaCert?: pulumi.Input<string>;
+    /**
+     * Proxy CA Key
+     */
+    proxyCaKey?: pulumi.Input<string>;
+    /**
+     * Proxy CA Passphrase
+     */
+    proxyCaPassphrase?: pulumi.Input<string>;
+    /**
+     * Proxy SSL enabled / disabled. Default is disabled.
+     */
+    proxySsl?: pulumi.Input<string>;
+    /**
+     * Proxy SSL passthrough enabled / disabled. Default is disabled.
+     */
+    proxySslPassthrough?: pulumi.Input<string>;
+    /**
+     * Renogotiate Period (seconds)
+     */
+    renegotiatePeriod?: pulumi.Input<string>;
+    /**
+     * Renogotiate Size
+     */
+    renegotiateSize?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
+     */
+    renegotiation?: pulumi.Input<string>;
+    /**
+     * When `true`, client certificate is retained in SSL session.
+     */
+    retainCertificate?: pulumi.Input<string>;
+    /**
+     * Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
+     * When `request` is set the system request secure renegotation of SSL connections.
+     * `require` is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
+     * The `require-strict` setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
+     */
+    secureRenegotiation?: pulumi.Input<string>;
+    /**
+     * Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk `*` character.
+     */
+    serverName?: pulumi.Input<string>;
+    /**
+     * Session Mirroring (enabled / disabled)
+     */
+    sessionMirroring?: pulumi.Input<string>;
+    /**
+     * Session Ticket (enabled / disabled)
+     */
+    sessionTicket?: pulumi.Input<string>;
+    /**
+     * Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile.
+     * There can be only one SSL profile with this setting enabled.
+     */
+    sniDefault?: pulumi.Input<string>;
+    /**
+     * Requires that the network peers also provide SNI support, this setting only takes effect when `sniDefault` is set to `true`.When creating a new profile, the setting is provided by the parent profile
+     */
+    sniRequire?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
+     */
+    sslC3d?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxy?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxyBypass?: pulumi.Input<string>;
+    /**
+     * SSL sign hash (any, sha1, sha256, sha384)
+     */
+    sslSignHash?: pulumi.Input<string>;
+    /**
+     * Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
+     */
+    strictResume?: pulumi.Input<string>;
+    /**
+     * List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
+     * Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions    = ["dont-insert-empty-fragments","no-tlsv1.3"]
+     */
+    tmOptions?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Unclean Shutdown (enabled / disabled)
+     */
+    uncleanShutdown?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a ProfileClientSsl resource.
+ */
+export interface ProfileClientSslArgs {
+    /**
+     * Alert time out
+     */
+    alertTimeout?: pulumi.Input<string>;
+    /**
+     * Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
+     */
+    allowNonSsl?: pulumi.Input<string>;
+    /**
+     * Specifies the frequency of client authentication for an SSL session.When `once`,specifies that the system authenticates the client once for an SSL session.
+     * When `always`, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
+     */
+    authenticate?: pulumi.Input<string>;
+    /**
+     * Specifies the maximum number of certificates to be traversed in a client certificate chain
+     */
+    authenticateDepth?: pulumi.Input<number>;
+    /**
+     * Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
+     */
+    c3dClientFallbackCert?: pulumi.Input<string>;
+    /**
+     * Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
+     */
+    c3dDropUnknownOcspStatus?: pulumi.Input<string>;
+    /**
+     * Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
+     */
+    c3dOcsp?: pulumi.Input<string>;
+    /**
+     * Client certificate file path. Default None.
+     */
+    caFile?: pulumi.Input<string>;
+    /**
+     * Cache size (sessions).
+     */
+    cacheSize?: pulumi.Input<number>;
+    /**
+     * Cache time out
+     */
+    cacheTimeout?: pulumi.Input<number>;
+    /**
+     * Specifies a cert name for use.
+     */
+    cert?: pulumi.Input<string>;
+    /**
+     * Cert extension includes for ssl forward proxy
+     */
+    certExtensionIncludes?: pulumi.Input<pulumi.Input<string>[]>;
+    certKeyChains?: pulumi.Input<pulumi.Input<inputs.ltm.ProfileClientSslCertKeyChain>[]>;
+    /**
+     * Life span of the certificate in days for ssl forward proxy
+     */
+    certLifeSpan?: pulumi.Input<number>;
+    /**
+     * Cert lookup by ip address and port enabled / disabled
+     */
+    certLookupByIpaddrPort?: pulumi.Input<string>;
+    /**
+     * Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
+     */
+    chain?: pulumi.Input<string>;
+    /**
+     * Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
+     */
+    ciphers?: pulumi.Input<string>;
+    /**
+     * client certificate name
+     */
+    clientCertCa?: pulumi.Input<string>;
+    /**
+     * Certificate revocation file name
+     */
+    crlFile?: pulumi.Input<string>;
+    /**
+     * Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is `/Common/clientssl`. It Should Full path `/partition/profile_name`
+     */
+    defaultsFrom?: pulumi.Input<string>;
+    /**
+     * Forward proxy bypass default action. (enabled / disabled)
+     */
+    forwardProxyBypassDefaultAction?: pulumi.Input<string>;
+    /**
+     * full path of the profile
+     */
+    fullPath?: pulumi.Input<string>;
+    /**
+     * generation
+     */
+    generation?: pulumi.Input<number>;
+    /**
+     * Generic alerts enabled / disabled.
+     */
+    genericAlert?: pulumi.Input<string>;
+    /**
+     * Handshake time out (seconds)
+     */
+    handshakeTimeout?: pulumi.Input<string>;
+    /**
+     * Inherit cert key chain
+     */
+    inheritCertKeychain?: pulumi.Input<string>;
+    /**
+     * Contains a key name
+     */
+    key?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    modSslMethods?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    mode?: pulumi.Input<string>;
+    /**
+     * Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the `partition + profile name`,For example `/Common/test-clientssl-profile`.
+     */
+    name: pulumi.Input<string>;
+    /**
+     * name of partition
+     */
+    partition?: pulumi.Input<string>;
+    /**
+     * Client Certificate Constrained Delegation CA passphrase
+     */
+    passphrase?: pulumi.Input<string>;
+    /**
+     * Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
+     */
+    peerCertMode?: pulumi.Input<string>;
+    /**
+     * Proxy CA Cert
+     */
+    proxyCaCert?: pulumi.Input<string>;
+    /**
+     * Proxy CA Key
+     */
+    proxyCaKey?: pulumi.Input<string>;
+    /**
+     * Proxy CA Passphrase
+     */
+    proxyCaPassphrase?: pulumi.Input<string>;
+    /**
+     * Proxy SSL enabled / disabled. Default is disabled.
+     */
+    proxySsl?: pulumi.Input<string>;
+    /**
+     * Proxy SSL passthrough enabled / disabled. Default is disabled.
+     */
+    proxySslPassthrough?: pulumi.Input<string>;
+    /**
+     * Renogotiate Period (seconds)
+     */
+    renegotiatePeriod?: pulumi.Input<string>;
+    /**
+     * Renogotiate Size
+     */
+    renegotiateSize?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
+     */
+    renegotiation?: pulumi.Input<string>;
+    /**
+     * When `true`, client certificate is retained in SSL session.
+     */
+    retainCertificate?: pulumi.Input<string>;
+    /**
+     * Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
+     * When `request` is set the system request secure renegotation of SSL connections.
+     * `require` is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
+     * The `require-strict` setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
+     */
+    secureRenegotiation?: pulumi.Input<string>;
+    /**
+     * Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk `*` character.
+     */
+    serverName?: pulumi.Input<string>;
+    /**
+     * Session Mirroring (enabled / disabled)
+     */
+    sessionMirroring?: pulumi.Input<string>;
+    /**
+     * Session Ticket (enabled / disabled)
+     */
+    sessionTicket?: pulumi.Input<string>;
+    /**
+     * Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile.
+     * There can be only one SSL profile with this setting enabled.
+     */
+    sniDefault?: pulumi.Input<string>;
+    /**
+     * Requires that the network peers also provide SNI support, this setting only takes effect when `sniDefault` is set to `true`.When creating a new profile, the setting is provided by the parent profile
+     */
+    sniRequire?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
+     */
+    sslC3d?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxy?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxyBypass?: pulumi.Input<string>;
+    /**
+     * SSL sign hash (any, sha1, sha256, sha384)
+     */
+    sslSignHash?: pulumi.Input<string>;
+    /**
+     * Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
+     */
+    strictResume?: pulumi.Input<string>;
+    /**
+     * List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
+     * Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions    = ["dont-insert-empty-fragments","no-tlsv1.3"]
+     */
+    tmOptions?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Unclean Shutdown (enabled / disabled)
+     */
+    uncleanShutdown?: pulumi.Input<string>;
+}