netconfcentral logo

ietf-tls-server

HTML

ietf-tls-server@2017-10-30



  module ietf-tls-server {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-tls-server";

    prefix tlss;

    import ietf-tls-common {
      prefix tlscmn;
      revision-date "2017-10-30";
      reference
        "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";


    }
    import ietf-keystore {
      prefix ks;
      reference
        "RFC YYYY: Keystore Model";


    }

    organization
      "IETF NETCONF (Network Configuration) Working Group";

    contact
      "WG Web:   <http://tools.ietf.org/wg/netconf/>
    WG List:  <mailto:netconf@ietf.org>

    Author:   Kent Watsen
              <mailto:kwatsen@juniper.net>

    Author:   Gary Wu
              <mailto:garywu@cisco.com>";

    description
      "This module defines a reusable grouping for a TLS server that
    can be used as a basis for specific TLS server instances.

    Copyright (c) 2017 IETF Trust and the persons identified as
    authors of the code. All rights reserved.

    Redistribution and use in source and binary forms, with or
    without modification, is permitted pursuant to, and subject
    to the license terms contained in, the Simplified BSD
    License set forth in Section 4.c of the IETF Trust's
    Legal Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info).

    This version of this YANG module is part of RFC XXXX; see
    the RFC itself for full legal notices.";

    revision "2017-10-30" {
      description "Initial version";
      reference
        "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";

    }


    feature tls-server-hello-params-config {
      description
        "TLS hello message parameters are configurable on a TLS
       server.";
    }

    grouping tls-server-grouping {
      description
        "A reusable grouping for configuring a TLS server without
       any consideration for how underlying TCP sessions are
       established.";
      container server-identity {
        description
          "The list of certificates the TLS server will present when
         establishing a TLS connection in its Certificate message,
         as defined in Section 7.4.2 in RFC 5246.";
        reference
          "RFC 5246:
            The Transport Layer Security (TLS) Protocol Version 1.2";

        uses ks:private-key-grouping;

        uses ks:certificate-grouping;
      }  // container server-identity

      container client-auth {
        description
          "A reference to a list of pinned certificate authority (CA)
         certificates and a reference to a list of pinned client
         certificates.";
        leaf pinned-ca-certs {
          type ks:pinned-certificates;
          description
            "A reference to a list of certificate authority (CA)
           certificates used by the TLS server to authenticate
           TLS client certificates.  A client certificate is
           authenticated if it has a valid chain of trust to
           a configured pinned CA certificate.";
        }

        leaf pinned-client-certs {
          type ks:pinned-certificates;
          description
            "A reference to a list of client certificates used by
           the TLS server to authenticate TLS client certificates.
           A clients certificate is authenticated if it is an
           exact match to a configured pinned client certificate.";
        }
      }  // container client-auth

      container hello-params {
        if-feature tls-server-hello-params-config;
        description
          "Configurable parameters for the TLS hello message.";
        uses tlscmn:hello-params-grouping;
      }  // container hello-params
    }  // grouping tls-server-grouping
  }  // module ietf-tls-server

Summary

  
ietf-tls-server  
  
Organization IETF NETCONF (Network Configuration) Working Group
  
Module ietf-tls-server
Version 2015-10-09
File ietf-tls-server.yang
  
Prefix ts
Namespace urn:ietf:params:xml:ns:yang:ietf-tls-server
  
Cooked /cookedmodules/ietf-tls-server/2015-10-09
YANG /src/ietf-tls-server@2015-10-09.yang
XSD /xsd/ietf-tls-server@2015-10-09.xsd
  
Abstract This module defines a reusable grouping for a TLS server that can be used as a basis for specific TLS server instances. Copyrig...
  
Contact
WG Web:   <http://tools.ietf.org/wg/netconf/>
WG List:  <mailto:netconf@ietf.org>

WG Chair: Mehmet Ersue
	  <mailto:mehmet.ersue@nsn.com>

WG Chair: Mahesh Jethanandani
	  <mailto:mjethanandani@gmail.com>

Editor:   Kent Watsen
	  <mailto:kwatsen@juniper.net>
  
ietf-tls-server  
  
Organization IETF NETCONF (Network Configuration) Working Group
  
Module ietf-tls-server
Version 2017-10-30
File ietf-tls-server@2017-10-30.yang
  
Prefix tlss
Namespace urn:ietf:params:xml:ns:yang:ietf-tls-server
  
Cooked /cookedmodules/ietf-tls-server/2017-10-30
YANG /src/ietf-tls-server@2017-10-30.yang
XSD /xsd/ietf-tls-server@2017-10-30.xsd
  
Abstract This module defines a reusable grouping for a TLS server that can be used as a basis for specific TLS server instances. Copyrig...
  
Contact
WG Web:   <http://tools.ietf.org/wg/netconf/>
WG List:  <mailto:netconf@ietf.org>

Author:   Kent Watsen
	  <mailto:kwatsen@juniper.net>

Author:   Gary Wu
	  <mailto:garywu@cisco.com>

Description

 
ietf-tls-server
This module defines a reusable grouping for a TLS server that
can be used as a basis for specific TLS server instances.

Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC VVVV; see
the RFC itself for full legal notices.
 
ietf-tls-server
This module defines a reusable grouping for a TLS server that
can be used as a basis for specific TLS server instances.

Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.

Groupings

Grouping Objects Abstract
listening-tls-server-grouping address port certificates client-auth A reusable grouping for a TLS server that can be used as a basis for specific TLS server instances.
non-listening-tls-server-grouping certificates client-auth A reusable grouping for a TLS server that can be used as a basis for specific TLS server instances.
tls-server-grouping server-identity client-auth hello-params A reusable grouping for configuring a TLS server without any consideration for how underlying TCP sessions are established.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
listening-tls-server container This container is only present to enable `pyang` tree diagram output, as a grouping by itself has no protocol accessible nodes to output.
   address leaf The IP address of the interface to listen on. The TLS server will listen on all interfaces if no value is specified.
   certificates container The list of certificates the TLS server will present when establishing a TLS connection.
      certificate list An unordered list of certificates the TLS server can pick from when sending its Server Certificate message.
         name leaf The name of the certificate in the keychain.
   client-auth container A reference to a list of trusted certificate authority (CA) certificates and a reference to a list of trusted client certificates.
      trusted-ca-certs leaf A reference to a list of certificate authority (CA) certificates used by the TLS server to authenticate TLS client certificates.
      trusted-client-certs leaf A reference to a list of client certificates used by the TLS server to authenticate TLS client certificates. A clients certificate is authenticated if it is an exact match to a configured trusted client certificate.
   port leaf The local port number on this interface the TLTLS server listens on.