radware.radware_modules.alteon_config_ssl_policy (0.6.12) module
Manage SSL policy in Radware Alteon
Added in version 2.9 of radware.radware_modules
Authors: Leon Meguira (@leonmeguira), Nati Fridman (@natifridman)
Status: stableinterface | Supported by: certified
Install with:

    ansible-galaxy collection install radware.radware_modules:==0.6.12

or list the collection in a requirements file:

collections:
  - name: radware.radware_modules
    version: 0.6.12
- name: alteon configuration command
  radware.radware_modules.alteon_config_ssl_policy:
    provider:
      server: 192.168.1.1
      user: admin
      password: admin
      validate_certs: no
      https_port: 443
      ssh_port: 22
      timeout: 5
    state: present
    parameters:
      index: ssl_pol_test
      description: test_policy
      be_ssl_encryption: enabled
      secure_renegotiation: 3
      fe_cipher_suite: user_defined_expert
      fe_user_defined_cipher: ALL:!DH:!NULL:!aNULL:!EXPORT:!RC4:!RC2:!3DES:!DES:!DSS:!SRP:!PSK:!IDEA:!SSLv2:!RSA:@STRENGTH
      be_hw_offload_rsa: disabled
      pass_ssl_info_add_front_end_https_header: enabled
      fe_intermediate_ca_chain_type: group
state:
  choices: [present, absent, read, overwrite, append]
  default: null
  description:
    - When C(present), guarantees that the object exists with the provided attributes.
    - When C(absent), removes the object when applicable.
    - When C(read), reads the object from the configuration into parameter format, if it exists.
    - When C(overwrite), removes the object if it exists, then recreates it.
    - When C(append), appends the provided parameters to the object configuration.
  required: true
provider:
  description:
    - Radware Alteon connection details.
  required: true
  suboptions:
    https_port:
      default: null
      description:
        - Radware Alteon HTTPS port.
      required: true
    password:
      default: null
      description:
        - Radware Alteon password.
      required: true
    server:
      default: null
      description:
        - Radware Alteon IP address.
      required: true
    ssh_port:
      default: null
      description:
        - Radware Alteon SSH port.
      required: true
    timeout:
      default: null
      description:
        - Timeout for connection.
      required: true
    user:
      default: null
      description:
        - Radware Alteon username.
      required: true
    validate_certs:
      default: null
      description:
        - If C(no), SSL certificates will not be validated.
        - This should only be set to C(no) when used on personally controlled sites using self-signed certificates.
      required: true
      type: bool
parameters:
  description:
    - Parameters for SSL policy configuration.
  suboptions:
    be_auth_policy_name:
      default: null
      description:
        - Specifies how server certificate authenticity should be checked, if at all. Select an Authentication Policy of type Server.
      required: false
      type: str
    be_cipher:
      choices: [low, medium, high, user_defined, user_defined_expert, main]
      default: main
      description:
        - Specifies the cipher suites allowed in the back-end SSL policy.
      required: false
    be_client_cert_name:
      default: null
      description:
        - Specifies the client certificate to use when the server requests a certificate from the client (Alteon) for authentication.
      required: false
      type: str
    be_hw_offload_bulk_encryption:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for Bulk encryption algorithm on the back-end SSL.
      required: false
    be_hw_offload_dh:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for DHE algorithm on the back-end SSL.
      required: false
    be_hw_offload_ec:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for ECDHE algorithm on the back-end SSL.
      required: false
    be_hw_offload_rsa:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for RSA algorithm on the back-end SSL.
      required: false
    be_hw_ssl_offload:
      choices: [enabled, disabled]
      default: enabled
      description:
        - Specifies enabling hardware offload on the back-end SSL.
      required: false
    be_include_sni:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Specifies whether to enable or disable including back-end SNI.
      required: false
    be_ssl_encryption:
      choices: [enabled, disabled]
      default: enabled
      description:
        - Specifies whether to establish an SSL connection towards the server and allow decryption/encryption of client traffic.
      required: false
    be_ssl_tls1_0:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Enable/Disable TLS 1.0 during SSL/TLS handshake.
      required: false
    be_ssl_tls1_1:
      choices: [enabled, disabled]
      default: enabled
      description:
        - Enable/Disable TLS 1.1 during SSL/TLS handshake.
      required: false
    be_ssl_tls1_2:
      choices: [enabled, disabled]
      default: enabled
      description:
        - Enable/Disable TLS 1.2 during SSL/TLS handshake.
      required: false
    be_ssl_v3:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Enable/Disable SSLv3 during SSL/TLS handshake.
      required: false
    be_user_defined_cipher:
      default: null
      description:
        - Specifies a user-defined cipher-suite using an exact cipher-string (requires expert OpenSSL knowledge).
      required: false
      type: str
    description:
      default: null
      description:
        - A name or description for the SSL policy.
      required: false
      type: str
    dh_key_size:
      choices: [keySize1024, keySize2048]
      default: keySize2048
      description:
        - A specific method of securely exchanging cryptographic keys over a public channel.
      required: false
    fe_auth_policy_name:
      default: null
      description:
        - Specifies how client certificate authenticity should be checked, if at all.
      required: false
      type: str
    fe_cipher_suite:
      choices: [rsa, all, all_non_null_ciphers, sslv3, tlsv1, tlsv1_2, export, low, medium, high,
                rsa_rc4_128_md5, rsa_rc4_128_sha1, rsa_des_sha1, rsa_3des_sha1, rsa_aes_128_sha1,
                rsa_aes_256_sha1, pci_dss_compliance, user_defined, user_defined_expert, main, http2]
      default: main
      description:
        - Select the cipher suite to use during SSL handshake. By default, the RSA cipher suite is selected.
        - Radware recommends that you use the PCI-DSS predefined cipher suite for enhanced SSL security.
      required: false
    fe_hw_offload_bulk_encryption:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for Bulk encryption algorithm on the front-end SSL.
      required: false
    fe_hw_offload_dh:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for DHE algorithm on the front-end SSL.
      required: false
    fe_hw_offload_ec:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for ECDHE algorithm on the front-end SSL.
      required: false
    fe_hw_offload_rsa:
      choices: [enabled, disabled]
      default: null
      description:
        - Specifies enabling hardware offload for RSA algorithm on the front-end SSL.
      required: false
    fe_hw_ssl_offload:
      choices: [enabled, disabled]
      default: enabled
      description:
        - Specifies enabling hardware offload on the front-end SSL.
      required: false
    fe_intermediate_ca_chain_name:
      default: null
      description:
        - Specifies the Intermediate CA certificate name or certificate chain (group) to be sent to the client together with the server certificate to construct the trust chain to the user's trusted CAs.
      required: false
      type: str
    fe_intermediate_ca_chain_type:
      choices: [group, cert, none]
      default: null
      description:
        - Specifies the Intermediate CA certificate or certificate chain (group) to be sent to the client together with the server certificate to construct the trust chain to the user's trusted CAs.
      required: false
    fe_ssl_encryption:
      choices: [enabled, disabled, connect]
      default: enabled
      description:
        - Specifies whether to establish an SSL connection with the client and allow decryption/encryption of client traffic.
        - C(disabled) No decryption/encryption on the client-side connection.
        - C(enabled) The SSL connection is established and traffic is decrypted/encrypted on the client-side connection.
        - C(connect) The SSL connection is established after a clear-text HTTP Connect request is received and answered. This option is relevant only for outbound SSL Inspection scenarios where Alteon is installed as the HTTPS proxy for the clients.
        - For other (non-HTTP) traffic, the SSL connection is established after a clear-text "starttls" request is received and answered.
      required: false
    fe_ssl_tls1_0:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Enable/Disable TLS 1.0 during SSL/TLS handshake.
      required: false
    fe_ssl_tls1_1:
      choices: [enabled, disabled]
      default: enabled
      description:
        - Enable/Disable TLS 1.1 during SSL/TLS handshake.
      required: false
    fe_ssl_tls1_2:
      choices: [enabled, disabled]
      default: enabled
      description:
        - Enable/Disable TLS 1.2 during SSL/TLS handshake.
      required: false
    fe_ssl_v3:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Enable/Disable SSLv3 during SSL/TLS handshake.
      required: false
    fe_user_defined_cipher:
      default: null
      description:
        - The user-defined cipher-suite allowed for SSL, in OpenSSL format.
        - Alteon supports all ciphers supported by the OpenSSL format.
      required: false
      type: str
    http_redirection_conversion:
      choices: [enabled, disabled]
      description:
        - Enable/Disable HTTP redirection conversion.
      required: false
    index:
      default: null
      description:
        - The SSL policy name as an index.
      required: true
      type: str
    pass_ssl_info_add_front_end_https_header:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Specifies whether to add the Front-End HTTPS header to communicate to the back-end servers that the connection from the client is over HTTPS.
      required: false
    pass_ssl_info_cipher_bits_header:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Specifies whether to pass the key length for the symmetric cipher negotiated (for example, 128 bits if AES128 was selected) to the back-end servers.
      required: false
    pass_ssl_info_cipher_bits_header_name:
      default: Cipher-Bits
      description:
        - Specifies what header name to use when passing the key length for the symmetric cipher negotiated (for example, 128 bits if AES128 was selected) to the back-end servers.
      required: false
      type: str
    pass_ssl_info_cipher_header:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Specifies whether to pass cipher-suite information to the back-end servers.
      required: false
    pass_ssl_info_cipher_header_name:
      default: Cipher-Suite
      description:
        - Specifies what header name to use when passing cipher-suite information to the back-end servers.
      required: false
      type: str
    pass_ssl_info_compliant_x_ssl_header:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Specifies whether to enable the 2424SSL Headers Compliance Mode.
      required: false
    pass_ssl_info_ssl_ver:
      choices: [enabled, disabled]
      default: disabled
      description:
        - Specifies whether to pass the SSL version to the back-end servers.
      required: false
    pass_ssl_info_ssl_ver_header_name:
      default: SSL-Version
      description:
        - Specifies what header name to use when passing the SSL version to the back-end servers.
      required: false
      type: str
    secure_renegotiation:
      default: 5
      description:
        - Specifies the maximum number of allowed secure renegotiations.
        - 0 (secure renegotiation is disabled on both front-end and back-end servers).
        - 1 to 1024.
        - unlimited (unlimited secure renegotiation is enabled).
      required: false
      type: int
    state:
      choices: [enabled, disabled]
      default: null
      description:
        - Enable/Disable the SSL policy.
      required: false
revert_on_error:
  default: false
  description:
    - If an error occurs, perform a revert on Alteon.
  required: false
  type: bool
write_on_change:
  default: false
  description:
    - Executes Alteon write calls only when an actual change has been evaluated.
  required: false
  type: bool
obj:
  description: parameters object type
  returned: changed, read
  type: dictionary
status:
  description: Message detailing run result
  returned: success
  sample: object deployed successfully
  type: str
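
Added example (not part of the module or its documentation): a Python pre-flight check that fills in the defaults documented above for any key a task omits, then reports legacy protocol, cipher, DH and certificate-validation settings. The function name `audit_policy`, the lists of what counts as weak, and the sample dictionaries are assumptions of this example.

```python
"""Added example: lint alteon_config_ssl_policy task arguments before they reach a device."""
# Defaults as documented on this page; a key left out of a task takes these values.
DOC_DEFAULTS = {
    "fe_ssl_encryption": "enabled", "be_ssl_encryption": "enabled",
    "fe_ssl_v3": "disabled", "fe_ssl_tls1_0": "disabled", "fe_ssl_tls1_1": "enabled",
    "be_ssl_v3": "disabled", "be_ssl_tls1_0": "disabled", "be_ssl_tls1_1": "enabled",
    "fe_cipher_suite": "main", "be_cipher": "main", "dh_key_size": "keySize2048",
}
# This example's own policy (an assumption, not Radware guidance).
LEGACY_PROTOCOLS = ("ssl_v3", "ssl_tls1_0", "ssl_tls1_1")
WEAK_SUITES = {"export", "low", "sslv3", "rsa_rc4_128_md5", "rsa_rc4_128_sha1",
               "rsa_des_sha1", "rsa_3des_sha1"}

def audit_policy(params, provider=None):
    """Return findings for one task; user-defined cipher strings are not parsed."""
    eff = {**DOC_DEFAULTS, **params}  # effective settings after documented defaults
    findings = []
    for side in ("fe", "be"):
        if eff[f"{side}_ssl_encryption"] == "disabled":
            continue  # no TLS session on this side, so protocol flags are moot
        for proto in LEGACY_PROTOCOLS:
            key = f"{side}_{proto}"
            if eff[key] == "enabled":
                origin = "set in task" if key in params else "documented default"
                findings.append(f"{key}=enabled ({origin})")
    for key in ("fe_cipher_suite", "be_cipher"):
        if eff[key] in WEAK_SUITES:
            findings.append(f"{key}={eff[key]} (weak predefined suite)")
    if eff["dh_key_size"] == "keySize1024":
        findings.append("dh_key_size=keySize1024 (1024-bit DH)")
    if str(eff.get("secure_renegotiation", "")) == "unlimited":
        findings.append("secure_renegotiation=unlimited")
    # YAML 1.1 loaders turn an unquoted `no` into False.
    if provider is not None and provider.get("validate_certs") in (False, "no", "false"):
        findings.append("provider.validate_certs=no (management TLS not verified)")
    return findings

# Constructed inputs: the relevant keys of the page's example task, then a tightened variant.
PAGE_PARAMS = {"index": "ssl_pol_test", "be_ssl_encryption": "enabled",
               "secure_renegotiation": 3, "fe_cipher_suite": "user_defined_expert"}
PAGE_PROVIDER = {"server": "192.168.1.1", "validate_certs": False}
HARDENED_PARAMS = {"index": "ssl_pol_test", "fe_cipher_suite": "pci_dss_compliance",
                   "fe_ssl_tls1_1": "disabled", "be_ssl_tls1_1": "disabled"}
HARDENED_PROVIDER = {"server": "192.168.1.1", "validate_certs": True}

if __name__ == "__main__":
    for line in audit_policy(PAGE_PARAMS, PAGE_PROVIDER):
        print("FINDING:", line)
```

Run against the page's example task, the check reports TLS 1.1 on both sides even though the task never mentions it, because the documented default for `fe_ssl_tls1_1` and `be_ssl_tls1_1` is `enabled`.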