@pulumi/f5bigip 3.4.1

package/ltm/profileServerSsl.d.ts

@@ -0,0 +1,676 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * `f5bigip.ltm.ProfileServerSsl` Manages server SSL profiles on a BIG-IP
+ *
+ * Resources should be named with their "full path". The full path is the combination of the partition + name (example: /Common/my-pool ) or  partition + directory + name of the resource  (example: /Common/test/my-pool )
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as f5bigip from "@pulumi/f5bigip";
+ *
+ * const test_ServerSsl = new f5bigip.ltm.ProfileServerSsl("test-ServerSsl", {
+ *     authenticate: "always",
+ *     ciphers: "DEFAULT",
+ *     defaultsFrom: "/Common/serverssl",
+ *     name: "/Common/test-ServerSsl",
+ * });
+ * ```
+ */
+export declare class ProfileServerSsl extends pulumi.CustomResource {
+    /**
+     * Get an existing ProfileServerSsl resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProfileServerSslState, opts?: pulumi.CustomResourceOptions): ProfileServerSsl;
+    /**
+     * Returns true if the given object is an instance of ProfileServerSsl.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is ProfileServerSsl;
+    /**
+     * Alert time out
+     */
+    readonly alertTimeout: pulumi.Output<string>;
+    /**
+     * Specifies the frequency of server authentication for an SSL session.When `once`,specifies that the system authenticates the server once for an SSL session.
+     * When `always`, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
+     */
+    readonly authenticate: pulumi.Output<string>;
+    /**
+     * Client certificate chain traversal depth. Default 9.
+     */
+    readonly authenticateDepth: pulumi.Output<number>;
+    /**
+     * Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
+     */
+    readonly c3dCaCert: pulumi.Output<string | undefined>;
+    /**
+     * Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.
+     */
+    readonly c3dCaKey: pulumi.Output<string | undefined>;
+    /**
+     * CA Passphrase. Default
+     */
+    readonly c3dCaPassphrase: pulumi.Output<string>;
+    /**
+     * Certificate Extensions List. Default
+     */
+    readonly c3dCertExtensionCustomOids: pulumi.Output<string[] | undefined>;
+    /**
+     * Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:
+     */
+    readonly c3dCertExtensionIncludes: pulumi.Output<string[] | undefined>;
+    /**
+     * Certificate Lifespan. Default
+     */
+    readonly c3dCertLifespan: pulumi.Output<number>;
+    /**
+     * CA Passphrase. Default enabled
+     */
+    readonly c3dCertificateExtensions: pulumi.Output<string>;
+    /**
+     * Client certificate file path. Default None.
+     */
+    readonly caFile: pulumi.Output<string>;
+    /**
+     * Cache size (sessions).
+     */
+    readonly cacheSize: pulumi.Output<number>;
+    /**
+     * Cache time out
+     */
+    readonly cacheTimeout: pulumi.Output<number>;
+    /**
+     * Specifies the name of the certificate that the system uses for server-side SSL processing.
+     */
+    readonly cert: pulumi.Output<string>;
+    /**
+     * Specifies the certificates-key chain to associate with the SSL profile
+     */
+    readonly chain: pulumi.Output<string>;
+    /**
+     * Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
+     */
+    readonly ciphers: pulumi.Output<string>;
+    /**
+     * The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is `/Common/serverssl`.
+     */
+    readonly defaultsFrom: pulumi.Output<string | undefined>;
+    /**
+     * Response if the cert is expired (drop / ignore).
+     */
+    readonly expireCertResponseControl: pulumi.Output<string>;
+    /**
+     * full path of the profile
+     */
+    readonly fullPath: pulumi.Output<string>;
+    /**
+     * generation
+     */
+    readonly generation: pulumi.Output<number>;
+    /**
+     * Generic alerts enabled / disabled.
+     */
+    readonly genericAlert: pulumi.Output<string>;
+    /**
+     * Handshake time out (seconds)
+     */
+    readonly handshakeTimeout: pulumi.Output<string>;
+    /**
+     * Specifies the file name of the SSL key.
+     */
+    readonly key: pulumi.Output<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    readonly modSslMethods: pulumi.Output<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    readonly mode: pulumi.Output<string>;
+    /**
+     * Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the `partition + profile name`. For example `/Common/test-serverssl-profile`.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * name of partition
+     */
+    readonly partition: pulumi.Output<string>;
+    /**
+     * Client Certificate Constrained Delegation CA passphrase
+     */
+    readonly passphrase: pulumi.Output<string>;
+    /**
+     * Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
+     */
+    readonly peerCertMode: pulumi.Output<string>;
+    /**
+     * Proxy CA Cert
+     */
+    readonly proxyCaCert: pulumi.Output<string>;
+    /**
+     * Proxy CA Key
+     */
+    readonly proxyCaKey: pulumi.Output<string>;
+    /**
+     * Proxy SSL enabled / disabled. Default is disabled.
+     */
+    readonly proxySsl: pulumi.Output<string>;
+    /**
+     * Renogotiate Period (seconds)
+     */
+    readonly renegotiatePeriod: pulumi.Output<string>;
+    /**
+     * Renogotiate Size
+     */
+    readonly renegotiateSize: pulumi.Output<string>;
+    /**
+     * Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
+     */
+    readonly renegotiation: pulumi.Output<string>;
+    /**
+     * When `true`, client certificate is retained in SSL session.
+     */
+    readonly retainCertificate: pulumi.Output<string>;
+    /**
+     * Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
+     * When `request` is set the system request secure renegotation of SSL connections.
+     * `require` is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
+     * The `require-strict` setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
+     */
+    readonly secureRenegotiation: pulumi.Output<string>;
+    /**
+     * Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk `*` character.
+     */
+    readonly serverName: pulumi.Output<string>;
+    /**
+     * Session Mirroring (enabled / disabled)
+     */
+    readonly sessionMirroring: pulumi.Output<string>;
+    /**
+     * Session Ticket (enabled / disabled)
+     */
+    readonly sessionTicket: pulumi.Output<string>;
+    /**
+     * Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile.
+     * There can be only one SSL profile with this setting enabled.
+     */
+    readonly sniDefault: pulumi.Output<string>;
+    /**
+     * Requires that the network peers also provide SNI support, this setting only takes effect when `sniDefault` is set to `true`.When creating a new profile, the setting is provided by the parent profile
+     */
+    readonly sniRequire: pulumi.Output<string>;
+    /**
+     * Enables or disables SSL forward proxy bypass on receiving
+     * handshake_failure, protocolVersion or unsupportedExtension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocolVersion or unsupportedExtension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
+     */
+    readonly sslC3d: pulumi.Output<string | undefined>;
+    /**
+     * Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
+     */
+    readonly sslForwardProxy: pulumi.Output<string>;
+    /**
+     * Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
+     */
+    readonly sslForwardProxyBypass: pulumi.Output<string>;
+    /**
+     * SSL sign hash (any, sha1, sha256, sha384)
+     */
+    readonly sslSignHash: pulumi.Output<string>;
+    /**
+     * Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
+     */
+    readonly strictResume: pulumi.Output<string>;
+    /**
+     * List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
+     * Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions    = ["dont-insert-empty-fragments","no-tlsv1.3"]
+     */
+    readonly tmOptions: pulumi.Output<string[]>;
+    /**
+     * Unclean Shutdown (enabled / disabled)
+     */
+    readonly uncleanShutdown: pulumi.Output<string>;
+    /**
+     * Unclean Shutdown (drop / ignore)
+     */
+    readonly untrustedCertResponseControl: pulumi.Output<string>;
+    /**
+     * Create a ProfileServerSsl resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: ProfileServerSslArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering ProfileServerSsl resources.
+ */
+export interface ProfileServerSslState {
+    /**
+     * Alert time out
+     */
+    alertTimeout?: pulumi.Input<string>;
+    /**
+     * Specifies the frequency of server authentication for an SSL session.When `once`,specifies that the system authenticates the server once for an SSL session.
+     * When `always`, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
+     */
+    authenticate?: pulumi.Input<string>;
+    /**
+     * Client certificate chain traversal depth. Default 9.
+     */
+    authenticateDepth?: pulumi.Input<number>;
+    /**
+     * Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
+     */
+    c3dCaCert?: pulumi.Input<string>;
+    /**
+     * Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.
+     */
+    c3dCaKey?: pulumi.Input<string>;
+    /**
+     * CA Passphrase. Default
+     */
+    c3dCaPassphrase?: pulumi.Input<string>;
+    /**
+     * Certificate Extensions List. Default
+     */
+    c3dCertExtensionCustomOids?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:
+     */
+    c3dCertExtensionIncludes?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Certificate Lifespan. Default
+     */
+    c3dCertLifespan?: pulumi.Input<number>;
+    /**
+     * CA Passphrase. Default enabled
+     */
+    c3dCertificateExtensions?: pulumi.Input<string>;
+    /**
+     * Client certificate file path. Default None.
+     */
+    caFile?: pulumi.Input<string>;
+    /**
+     * Cache size (sessions).
+     */
+    cacheSize?: pulumi.Input<number>;
+    /**
+     * Cache time out
+     */
+    cacheTimeout?: pulumi.Input<number>;
+    /**
+     * Specifies the name of the certificate that the system uses for server-side SSL processing.
+     */
+    cert?: pulumi.Input<string>;
+    /**
+     * Specifies the certificates-key chain to associate with the SSL profile
+     */
+    chain?: pulumi.Input<string>;
+    /**
+     * Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
+     */
+    ciphers?: pulumi.Input<string>;
+    /**
+     * The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is `/Common/serverssl`.
+     */
+    defaultsFrom?: pulumi.Input<string>;
+    /**
+     * Response if the cert is expired (drop / ignore).
+     */
+    expireCertResponseControl?: pulumi.Input<string>;
+    /**
+     * full path of the profile
+     */
+    fullPath?: pulumi.Input<string>;
+    /**
+     * generation
+     */
+    generation?: pulumi.Input<number>;
+    /**
+     * Generic alerts enabled / disabled.
+     */
+    genericAlert?: pulumi.Input<string>;
+    /**
+     * Handshake time out (seconds)
+     */
+    handshakeTimeout?: pulumi.Input<string>;
+    /**
+     * Specifies the file name of the SSL key.
+     */
+    key?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    modSslMethods?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    mode?: pulumi.Input<string>;
+    /**
+     * Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the `partition + profile name`. For example `/Common/test-serverssl-profile`.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * name of partition
+     */
+    partition?: pulumi.Input<string>;
+    /**
+     * Client Certificate Constrained Delegation CA passphrase
+     */
+    passphrase?: pulumi.Input<string>;
+    /**
+     * Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
+     */
+    peerCertMode?: pulumi.Input<string>;
+    /**
+     * Proxy CA Cert
+     */
+    proxyCaCert?: pulumi.Input<string>;
+    /**
+     * Proxy CA Key
+     */
+    proxyCaKey?: pulumi.Input<string>;
+    /**
+     * Proxy SSL enabled / disabled. Default is disabled.
+     */
+    proxySsl?: pulumi.Input<string>;
+    /**
+     * Renogotiate Period (seconds)
+     */
+    renegotiatePeriod?: pulumi.Input<string>;
+    /**
+     * Renogotiate Size
+     */
+    renegotiateSize?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
+     */
+    renegotiation?: pulumi.Input<string>;
+    /**
+     * When `true`, client certificate is retained in SSL session.
+     */
+    retainCertificate?: pulumi.Input<string>;
+    /**
+     * Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
+     * When `request` is set the system request secure renegotation of SSL connections.
+     * `require` is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
+     * The `require-strict` setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
+     */
+    secureRenegotiation?: pulumi.Input<string>;
+    /**
+     * Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk `*` character.
+     */
+    serverName?: pulumi.Input<string>;
+    /**
+     * Session Mirroring (enabled / disabled)
+     */
+    sessionMirroring?: pulumi.Input<string>;
+    /**
+     * Session Ticket (enabled / disabled)
+     */
+    sessionTicket?: pulumi.Input<string>;
+    /**
+     * Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile.
+     * There can be only one SSL profile with this setting enabled.
+     */
+    sniDefault?: pulumi.Input<string>;
+    /**
+     * Requires that the network peers also provide SNI support, this setting only takes effect when `sniDefault` is set to `true`.When creating a new profile, the setting is provided by the parent profile
+     */
+    sniRequire?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL forward proxy bypass on receiving
+     * handshake_failure, protocolVersion or unsupportedExtension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocolVersion or unsupportedExtension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
+     */
+    sslC3d?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxy?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxyBypass?: pulumi.Input<string>;
+    /**
+     * SSL sign hash (any, sha1, sha256, sha384)
+     */
+    sslSignHash?: pulumi.Input<string>;
+    /**
+     * Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
+     */
+    strictResume?: pulumi.Input<string>;
+    /**
+     * List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
+     * Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions    = ["dont-insert-empty-fragments","no-tlsv1.3"]
+     */
+    tmOptions?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Unclean Shutdown (enabled / disabled)
+     */
+    uncleanShutdown?: pulumi.Input<string>;
+    /**
+     * Unclean Shutdown (drop / ignore)
+     */
+    untrustedCertResponseControl?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a ProfileServerSsl resource.
+ */
+export interface ProfileServerSslArgs {
+    /**
+     * Alert time out
+     */
+    alertTimeout?: pulumi.Input<string>;
+    /**
+     * Specifies the frequency of server authentication for an SSL session.When `once`,specifies that the system authenticates the server once for an SSL session.
+     * When `always`, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
+     */
+    authenticate?: pulumi.Input<string>;
+    /**
+     * Client certificate chain traversal depth. Default 9.
+     */
+    authenticateDepth?: pulumi.Input<number>;
+    /**
+     * Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
+     */
+    c3dCaCert?: pulumi.Input<string>;
+    /**
+     * Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.
+     */
+    c3dCaKey?: pulumi.Input<string>;
+    /**
+     * CA Passphrase. Default
+     */
+    c3dCaPassphrase?: pulumi.Input<string>;
+    /**
+     * Certificate Extensions List. Default
+     */
+    c3dCertExtensionCustomOids?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:
+     */
+    c3dCertExtensionIncludes?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Certificate Lifespan. Default
+     */
+    c3dCertLifespan?: pulumi.Input<number>;
+    /**
+     * CA Passphrase. Default enabled
+     */
+    c3dCertificateExtensions?: pulumi.Input<string>;
+    /**
+     * Client certificate file path. Default None.
+     */
+    caFile?: pulumi.Input<string>;
+    /**
+     * Cache size (sessions).
+     */
+    cacheSize?: pulumi.Input<number>;
+    /**
+     * Cache time out
+     */
+    cacheTimeout?: pulumi.Input<number>;
+    /**
+     * Specifies the name of the certificate that the system uses for server-side SSL processing.
+     */
+    cert?: pulumi.Input<string>;
+    /**
+     * Specifies the certificates-key chain to associate with the SSL profile
+     */
+    chain?: pulumi.Input<string>;
+    /**
+     * Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
+     */
+    ciphers?: pulumi.Input<string>;
+    /**
+     * The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is `/Common/serverssl`.
+     */
+    defaultsFrom?: pulumi.Input<string>;
+    /**
+     * Response if the cert is expired (drop / ignore).
+     */
+    expireCertResponseControl?: pulumi.Input<string>;
+    /**
+     * full path of the profile
+     */
+    fullPath?: pulumi.Input<string>;
+    /**
+     * generation
+     */
+    generation?: pulumi.Input<number>;
+    /**
+     * Generic alerts enabled / disabled.
+     */
+    genericAlert?: pulumi.Input<string>;
+    /**
+     * Handshake time out (seconds)
+     */
+    handshakeTimeout?: pulumi.Input<string>;
+    /**
+     * Specifies the file name of the SSL key.
+     */
+    key?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    modSslMethods?: pulumi.Input<string>;
+    /**
+     * ModSSL Methods enabled / disabled. Default is disabled.
+     */
+    mode?: pulumi.Input<string>;
+    /**
+     * Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the `partition + profile name`. For example `/Common/test-serverssl-profile`.
+     */
+    name: pulumi.Input<string>;
+    /**
+     * name of partition
+     */
+    partition?: pulumi.Input<string>;
+    /**
+     * Client Certificate Constrained Delegation CA passphrase
+     */
+    passphrase?: pulumi.Input<string>;
+    /**
+     * Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
+     */
+    peerCertMode?: pulumi.Input<string>;
+    /**
+     * Proxy CA Cert
+     */
+    proxyCaCert?: pulumi.Input<string>;
+    /**
+     * Proxy CA Key
+     */
+    proxyCaKey?: pulumi.Input<string>;
+    /**
+     * Proxy SSL enabled / disabled. Default is disabled.
+     */
+    proxySsl?: pulumi.Input<string>;
+    /**
+     * Renogotiate Period (seconds)
+     */
+    renegotiatePeriod?: pulumi.Input<string>;
+    /**
+     * Renogotiate Size
+     */
+    renegotiateSize?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
+     */
+    renegotiation?: pulumi.Input<string>;
+    /**
+     * When `true`, client certificate is retained in SSL session.
+     */
+    retainCertificate?: pulumi.Input<string>;
+    /**
+     * Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile.
+     * When `request` is set the system request secure renegotation of SSL connections.
+     * `require` is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients.
+     * The `require-strict` setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
+     */
+    secureRenegotiation?: pulumi.Input<string>;
+    /**
+     * Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk `*` character.
+     */
+    serverName?: pulumi.Input<string>;
+    /**
+     * Session Mirroring (enabled / disabled)
+     */
+    sessionMirroring?: pulumi.Input<string>;
+    /**
+     * Session Ticket (enabled / disabled)
+     */
+    sessionTicket?: pulumi.Input<string>;
+    /**
+     * Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile.
+     * There can be only one SSL profile with this setting enabled.
+     */
+    sniDefault?: pulumi.Input<string>;
+    /**
+     * Requires that the network peers also provide SNI support, this setting only takes effect when `sniDefault` is set to `true`.When creating a new profile, the setting is provided by the parent profile
+     */
+    sniRequire?: pulumi.Input<string>;
+    /**
+     * Enables or disables SSL forward proxy bypass on receiving
+     * handshake_failure, protocolVersion or unsupportedExtension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocolVersion or unsupportedExtension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
+     */
+    sslC3d?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxy?: pulumi.Input<string>;
+    /**
+     * Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
+     */
+    sslForwardProxyBypass?: pulumi.Input<string>;
+    /**
+     * SSL sign hash (any, sha1, sha256, sha384)
+     */
+    sslSignHash?: pulumi.Input<string>;
+    /**
+     * Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
+     */
+    strictResume?: pulumi.Input<string>;
+    /**
+     * List of Enabled selection from a set of industry standard options for handling SSL processing.By default,
+     * Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. `Usage` : tmOptions    = ["dont-insert-empty-fragments","no-tlsv1.3"]
+     */
+    tmOptions?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Unclean Shutdown (enabled / disabled)
+     */
+    uncleanShutdown?: pulumi.Input<string>;
+    /**
+     * Unclean Shutdown (drop / ignore)
+     */
+    untrustedCertResponseControl?: pulumi.Input<string>;
+}