ALIYUN::SLB::TLSPolicy

ALIYUN::SLB::TLSPolicy类型用于创建TLS策略。

语法

{
  "Type": "ALIYUN::SLB::TLSPolicy",
  "Properties": {
    "Ciphers": List,
    "TLSPolicyName": String,
    "TlsVersions": List
  }
}

属性

属性名称

类型

必须

允许更新

描述

约束

Ciphers

List

支持的加密套件列表。

具体依赖 TLSVersion 值。最多支持添加32个加密套件。

TLSv1.0和TLSv1.1 支持:

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

TLSv1.2支持:

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256

  • AES256-SHA256

TLSv1.3支持:

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_CCM_SHA256

  • TLS_AES_128_CCM_8_SHA256

TLSPolicyName

String

TLS策略名称。

长度为2~200个字符,支持中文和大小写英文字母,可包含数字、半角句号(.)、下划线(_)和短划线(-)。

TlsVersions

List

支持的TLS协议版本。

取值:TLSv1.0TLSv1.1TLSv1.2TLSv1.3。最多支持添加4个TLS协议版本。

返回值

Fn::GetAtt

  • Ciphers:支持的加密套件列表。

  • TLSPolicyName:TLS策略名称。

  • InstanceId:策略ID。

  • CreateTime:TLS策略创建时间

  • TlsVersions:支持的TLS协议版本。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters: {}
Resources:
  ExtensionResource:
    Type: ALIYUN::SLB::TLSPolicy
    Properties:
      Ciphers:
        - ECDHE-ECDSA-AES128-SHA
      TLSPolicyName: TLSPolicy-test
      TlsVersions:
        - TLSv1.0
Outputs:
  Ciphers:
    Description: The supported cipher suites, which are determined by the TLS protocol version.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Ciphers
  TLSPolicyName:
    Description: The name of the TLS policy.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - TLSPolicyName
  InstanceId:
    Description: The ID of the policy.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - InstanceId
  CreateTime:
    Description: Creation time.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - CreateTime
  TlsVersions:
    Description: The version of the TLS protocol.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - TlsVersions

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::SLB::TLSPolicy",
      "Properties": {
        "Ciphers": [
          "ECDHE-ECDSA-AES128-SHA"
        ],
        "TLSPolicyName": "TLSPolicy-test",
        "TlsVersions": [
          "TLSv1.0"
        ]
      }
    }
  },
  "Outputs": {
    "Ciphers": {
      "Description": "The supported cipher suites, which are determined by the TLS protocol version.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Ciphers"
        ]
      }
    },
    "TLSPolicyName": {
      "Description": "The name of the TLS policy.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "TLSPolicyName"
        ]
      }
    },
    "InstanceId": {
      "Description": "The ID of the policy.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "InstanceId"
        ]
      }
    },
    "CreateTime": {
      "Description": "Creation time.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "CreateTime"
        ]
      }
    },
    "TlsVersions": {
      "Description": "The version of the TLS protocol.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "TlsVersions"
        ]
      }
    }
  }
}