ltmClientSslOptions
F5-BIGIP-LOCAL-MIB ·
.1.3.6.1.4.1.3375.2.2.6.2.1.2.1.13
Object
column
RFC1155-SMIGauge
The SSL options. SSLOPT_MICROSOFT_SESS_ID_BUG = 1 SSLOPT_NETSCAPE_CHALLENGE_BUG = 2 SSLOPT_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 8 SSLOPT_SSLREF2_REUSE_CERT_TYPE_BUG = 16 SSLOPT_MICROSOFT_BIG_SSLV3_BUFFER = 32 SSLOPT_MSIE_SSLV2_RSA_PADDING = 64 SSLOPT_SSLEAY_080_CLIENT_DH_BUG = 128 SSLOPT_TLS_D5_BUG = 256 SSLOPT_TLS_BLOCK_PADDING_BUG = 512 SSLOPT_DONT_INSERT_EMPTY_FRAGMENTS = 2048 SSLOPT_ALL_BUGFIXES = 4095 SSLOPT_PASSIVE_CLOSE = 4096 SSLOPT_NO_SSL = 8192 SSLOPT_NO_DTLS = 16384 SSLOPT_NO_TLSv1_3 = 32768 SSLOPT_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 65536 SSLOPT_NO_TLSv1_1 = 131072 SSLOPT_NO_TLSv1_2 = 262144 SSLOPT_NO_TLS = 524288 SSLOPT_SINGLE_DH_USE = 1048576 SSLOPT_EPHEMERAL_RSA = 2097152 SSLOPT_CIPHER_SERVER_PREFERENCE = 4194304 SSLOPT_TLS_ROLLBACK_BUG = 8388608 SSLOPT_NO_SSLv2 = 16777216 SSLOPT_NO_SSLv3 = 33554432 SSLOPT_NO_TLSv1 = 67108864 SSLOPT_PKCS1_CHECK_1 = 134217728 SSLOPT_PKCS1_CHECK_2 = 268435456 SSLOPT_NETSCAPE_CA_DN_BUG = 536870912 SSLOPT_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 1073741824
Context
- MIB
- F5-BIGIP-LOCAL-MIB
- OID
.1.3.6.1.4.1.3375.2.2.6.2.1.2.1.13- Type
- column
- Access
- readonly
- Status
- current
- Parent
- ltmClientSslEntry
- Table
- ltmClientSslTable
- Siblings
- 62
Syntax
RFC1155-SMIGauge
- Source
- RFC1155-SMIGauge
- Base type
Unsigned32
Values & Constraints
Type Constraints
range: 0..4294967295
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| ltmClientSslName The name of a client-side SSL profile. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.1 |
| ltmClientSslClientcertca The CA certificate file name. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.10 |
| ltmClientSslCiphers The set of ciphers available for client-side SSL negotiation. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.11 |
| ltmClientSslPassphrase deprecated Deprecated! No longer supported.
The key passphrase (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.12 |
| ltmClientSslModsslmethods The ModSSL method emulation. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.14 |
| ltmClientSslCacheSize The SSL session cache size. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.15 |
| ltmClientSslCacheTimeout The SSL session cache timeout. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.16 |
| ltmClientSslRenegotiatePeriod Time-based trigger. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.17 |
| ltmClientSslRenegotiateSize Throughput-based trigger MB. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.18 |
| ltmClientSslRenegotiateMaxRecordDelay The timeout of renegotiation. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.19 |
| ltmClientSslConfigSource The state that specifies whether this is a base/pre-configured profile
or user defined profile. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.2 |
| ltmClientSslHandshakeTimeout The handshake timeout in seconds. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.20 |
| ltmClientSslAlertTimeout The alert timeout in seconds. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.21 |
| ltmClientSslPeerCertMode The mode of peer certification. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.22 |
| ltmClientSslAuthenticateOnce The feature to request client cert once or with each SSL
session renegotiation. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.23 |
| ltmClientSslAuthenticateDepth The maximum traversal depth for client certificate chain. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.24 |
| ltmClientSslUncleanShutdown The state of shutdown for this SSL, whether it is unclean
shutdown (not sending a close notification alert when closing
connection.). | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.25 |
| ltmClientSslStrictResume Whether to enforce strict SSL session resumption
per RFC2246 | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.26 |
| ltmClientSslAllowNonssl Whether to allow non-SSL connections to pass through as
cleartext. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.27 |
| ltmClientSslSessionTicket Whether to enforce session ticket per RFC5077. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.28 |
| ltmClientSslFwdpEnabled Whether to enable SSL Forward Proxy. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.29 |
| ltmClientSslDefaultName The name of the profile from which the specified profile derives
its attribute default values. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.3 |
| ltmClientSslFwdpCaKey The CA key object name for Forward Proxy. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.30 |
| ltmClientSslFwdpCaCert The CA certificate object name for Forward Proxy. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.31 |
| ltmClientSslFwdpCaPassphrase deprecated Deprecated! No longer supported.
The CA key passphrase for Forward Proxy (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.32 |
| ltmClientSslFwdpCertLifespan The lifespan of the generated certificates for Forward Proxy. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.33 |
| ltmClientSslFwdpCertExtensionIncludes The certificate extensions to include in generated certificates for
Forward Proxy.
SSL_FWDP_CERT_EXT_BASIC_CONSTRAINTS = 2
SSL_FWDP_CERT_EXT_EXTENDED_KEY_USAGE … | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.34 |
| ltmClientSslFwdpLookupByIpaddrPort Whether to enable SSL Forward Proxy certificate caching by IPAddr-Port. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.35 |
| ltmClientSslGenericAlert Whether to use generic alert number in Alert message. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.36 |
| ltmClientSslSslSignHash The ssl sign hash algorithm. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.37 |
| ltmClientSslFwdpBypassEnabled Whether to enable SSL Forward Proxy Bypass. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.38 |
| ltmClientSslFwdpBypassDipBList The Forward Proxy Bypass Destination IP Blacklist (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.39 |
| ltmClientSslMode The mode of this profile. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.4 |
| ltmClientSslFwdpBypassDipWList The Forward Proxy Bypass Destination IP Whitelist (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.40 |
| ltmClientSslFwdpBypassSipBList The Forward Proxy Bypass Source IP Blacklist (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.41 |
| ltmClientSslFwdpBypassSipWList The Forward Proxy Bypass Source IP Whitelist (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.42 |
| ltmClientSslFwdpBypassHnBList The Forward Proxy Bypass Hostname Blacklist (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.43 |
| ltmClientSslFwdpBypassHnWList The Forward Proxy Bypass Hostname Whitelist (if any). | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.44 |
| ltmClientSslProxySsl Whether to enable Proxy SSL. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.45 |
| ltmClientSslProxySslPassthrough Whether to enable Proxy SSL passthrough. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.46 |
| ltmClientSslPeerNoRenegotiateTimeout The peer no-renegotiate timeout in seconds. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.47 |
| ltmClientSslMaxRenegotiationsPerMin Maximum SSL renegotiations per minute. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.48 |
| ltmClientSslSessionMirroring Whether to mirror ssl sessions to HA peer. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.49 |
| ltmClientSslKey deprecated Deprecated! Please refer ltmClientSslCertKeyChain.
The key file name. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.5 |
| ltmClientSslMaxAggregateRenegotiationsPerMin Maximum SSL aggregate renegotiations per minute. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.50 |
| ltmClientSslSessionTicketTimeout The session ticket timeout. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.51 |
| ltmClientSslAllowExpiredCrl Whether to ignore a CRLs expiration. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.52 |
| ltmClientSslMaxActiveHandshake Maximum number of allowed SSL active handshakes. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.53 |
| ltmClientSslAllowDynamicRecordSizing Allow dynamic record sizing. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.54 |
| ltmClientSslMaximumRecordSize Maximum SSL application record size. | column | RFC1155-SMIGauge | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.55 |
| ltmClientSslBypassHsAlertEnabled Whether to enable forward-proxy bypass on handshake alert | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.56 |
| ltmClientSslBypassClientCertFailEnabled Whether to enable forward-proxy bypass on failed client cert | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.57 |
| ltmClientSslOcspStapling Whether to enable OCSP stapling. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.58 |
| ltmClientSslNotifyCertStatusToVs Whether to propagate certificate status to virtual server status. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.59 |
| ltmClientSslCert deprecated Deprecated! Please refer ltmClientSslCertKeyChain.
The certificate file name. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.6 |
| ltmClientSslC3dEnabled Whether to enable SSL Client Certificate Constrained Delegation. | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.60 |
| ltmClientSslCentityOcspObjName OCSP object name that the BIGIP SSL should use to connect
to the OCSP responder and check the client certificate status. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.61 |
| ltmClientSslDropUnknownOcspStatus BIGIP action when the OCSP returns unknown status.
The default value is drop, which causes the connection to be dropped.
Conversely, you can specify ignore to cuase the connection… | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.62 |
| ltmClientSslData0rttMode Specifies if TLSv1.3 should accept 0-RTT with early data, with or without
anti-replay. To protect against packet replay, F5 recommends that you
enable anti-replay. If disabled, TL… | column | Enumeration | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.63 |
| ltmClientSslChain deprecated Deprecated! Please refer ltmClientSslCertKeyChain.
The certificate chain file name. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.7 |
| ltmClientSslCafile The CA certificate file name. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.8 |
| ltmClientSslCrlfile The CRL file name. | column | F5-BIGIP-COMMON-MIBLongDisplayString | .1.3.6.1.4.1.3375.2.2.6.2.1.2.1.9 |