From 98a672123c7872f6b9b75a9a2b6bb3aea504de6a Mon Sep 17 00:00:00 2001 From: David Leutgeb Date: Tue, 5 Dec 2023 12:25:34 +0100 Subject: Initial commit --- MIBS/dlink/DLINKSW-SSL-MIB | 570 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 570 insertions(+) create mode 100644 MIBS/dlink/DLINKSW-SSL-MIB (limited to 'MIBS/dlink/DLINKSW-SSL-MIB') diff --git a/MIBS/dlink/DLINKSW-SSL-MIB b/MIBS/dlink/DLINKSW-SSL-MIB new file mode 100644 index 0000000..36211ab --- /dev/null +++ b/MIBS/dlink/DLINKSW-SSL-MIB @@ -0,0 +1,570 @@ +-- ***************************************************************** +-- DLINKSW-SSL-MIB.mib : Secure Socket Layer MIB +-- +-- Copyright (c) 2016 D-Link Corporation, all rights reserved. +-- +-- ***************************************************************** + +-- MODIFICTION HISTORY: +-- ----------------------------------------------------------------------------- +-- +-- 2016/7/5, Eugene Song +-- Description: +-- [Modification] + -- [New Object] dSslServicePolicyVersions, Support for SSL/TLS version control. + -- ssl3_0(0), + -- tls1_0(1), + -- tls1_1(2), + -- tls1_2(3) + -- [Modification Object] dSslServicePolicyCipherSuites, Support for additional cipher suites: + -- rsaAes128CbcSha(5), + -- rsaAes256CbcSha(6), + -- rsaAes128CbcSha256(7), + -- rsaAes256CbcSha256(8), + -- dheDssAes256CbcSha(9), + -- dheRsaAes256CbcSha(10) +-- +-- Notes: Requested by Eugene Song and for DGS1510-R1.40. +------------------------------------------------------------------------------- + + +DLINKSW-SSL-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, + OBJECT-TYPE, + Integer32, + Unsigned32 + FROM SNMPv2-SMI + RowStatus, TruthValue,DisplayString + FROM SNMPv2-TC + OBJECT-GROUP, MODULE-COMPLIANCE + FROM SNMPv2-CONF + InetAddressType,InetAddress + FROM INET-ADDRESS-MIB + dlinkIndustrialCommon + FROM DLINK-ID-REC-MIB; + + + dlinkSwSslMIB MODULE-IDENTITY + LAST-UPDATED "201607050000Z" + ORGANIZATION "D-Link Corp." + CONTACT-INFO + " D-Link Corporation + + Postal: No. 289, Sinhu 3rd Rd., Neihu District, + Taipei City 114, Taiwan, R.O.C + Tel: +886-2-66000123 + E-mail: tsd@dlink.com.tw + " + DESCRIPTION + "This MIB module defines objects for Secure Socket Layer (SSL)." + + REVISION "201607050000Z" + DESCRIPTION + "1. Support for SSL/TLS version control. + 2. Support for additional Cipher suites: + rsaAes128CbcSha + rsaAes256CbcSha + rsaAes128CbcSha256 + rsaAes256CbcSha256 + dheDssAes256CbcSha + dheRsaAes256CbcSha" + + REVISION "201310300000Z" + DESCRIPTION + "This is the first version of the MIB file for 'SSL' + functionality." + ::= { dlinkIndustrialCommon 7} + +-- ----------------------------------------------------------------------------- + dlinkSslNotifications OBJECT IDENTIFIER ::= { dlinkSwSslMIB 0 } + dlinkSslObjects OBJECT IDENTIFIER ::= { dlinkSwSslMIB 1 } + dlinkSslConformance OBJECT IDENTIFIER ::= { dlinkSwSslMIB 2 } + +-- ----------------------------------------------------------------------------- + dSslCryptoPkiImportCertTable OBJECT-TYPE + SYNTAX SEQUENCE OF DSslCryptoPkiImportCertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of importing certificates and key pairs. There will at any + time be either 0 or 1 rows in this table, and the only valid index + for this table is 1. It is only a table so that we may take + advantage of the RowStatus textual convention for configuring the + importing parameters. + The row in this table is volatile; that is, it is lost if the SNMP + agent is rebooted." + ::= { dlinkSslObjects 1 } + + dSslCryptoPkiImportCertEntry OBJECT-TYPE + SYNTAX DSslCryptoPkiImportCertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The row in the dSslCryptoPkiImportCertTable containing the importing + parameters. + Once an entry has been activated, the importing parameters cannot be + modified. In order to use a new value, you need delete the old entry + and create a new one." + INDEX { dSslCryPkiImportCertIndex } + ::= { dSslCryptoPkiImportCertTable 1 } + + DSslCryptoPkiImportCertEntry ::= + SEQUENCE { + dSslCryPkiImportCertIndex Integer32, + dSslCryPkiImportCertTrustPoint DisplayString, + dSslCryPkiImportCertSrcType INTEGER, + dSslCryPkiImportFilename DisplayString, + dSslCryPkiImportCertAddrType InetAddressType, + dSslCryPkiImportCertAddr InetAddress, + dSslCryPkiImportFileType BITS, + dSslCryPkiImportPwdPhrase DisplayString, + dSslCryPkiImportErrorStatus DisplayString, + dSslCryPkiImportRowStatus RowStatus + } + + dSslCryPkiImportCertIndex OBJECT-TYPE + SYNTAX Integer32 (1) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index which uniquely identifies this row." + ::= { dSslCryptoPkiImportCertEntry 1 } + + dSslCryPkiImportCertTrustPoint OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the trustpoint to which the certificates and key pairs + will be imported." + DEFVAL { "" } + ::= { dSslCryptoPkiImportCertEntry 2 } + + dSslCryPkiImportCertSrcType OBJECT-TYPE + SYNTAX INTEGER { + filesystem(1), + tftp(2) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An indication of the source from where the certificates/key pairs + will be imported. + filesystem(1) - The certificates/key pairs will be imported from the + switch's file system. + tftp(2) - The certificates/key pairs will be imported via tftp." + DEFVAL { filesystem } + ::= { dSslCryptoPkiImportCertEntry 3 } + + dSslCryPkiImportFilename OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..64)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "If dSslCryPkiImportCertSrcType is 'filesystem', this object + indicates the file name and path of the importing certificate + and key pairs in switch's file system. The supported file systems + are project dependent. + If dSslCryPkiImportCertSrcType is 'tftp', this object indicates + the file name and path where the switch should import via TFTP + server. By default, the switch will appends this name with .ca, + .prv and .crt for CA certificate, private key and certificate + respectively." + ::= { dSslCryptoPkiImportCertEntry 4 } + + dSslCryPkiImportCertAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of address in the corresponding dSslCryPkiImportCertAddr + object. " + ::= { dSslCryptoPkiImportCertEntry 5 } + + dSslCryPkiImportCertAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The address of TFTP server." + ::= { dSslCryptoPkiImportCertEntry 6 } + + dSslCryPkiImportPwdPhrase OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..64)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the encrypted password phrase that is used to undo + encryption when the private keys are imported." + ::= { dSslCryptoPkiImportCertEntry 7 } + + dSslCryPkiImportFileType OBJECT-TYPE + SYNTAX BITS { + ca(0), + local(1)} + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An object indicates what kind of certificate will be imported. + Setting a type's bit to 1 means the type of certificate will + be imported. + ca (0) - Import CA certificate. + local (1) - Import local certificate and key pairs." +-- DEFVAL { {} } no bits set. + ::= { dSslCryptoPkiImportCertEntry 8 } + + dSslCryPkiImportErrorStatus OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the current status of the importing. + The status information includes: idle, in progress, success, aborted, + idle, corruptFile, no server...." + ::= { dSslCryptoPkiImportCertEntry 9 } + + dSslCryPkiImportRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this import entry. This object may not be set to + 'active' if the following columnar objects exist in this row: + dSslCryPkiImportCertTrustPoint, dSslCryPkiImportFilename, and + dSslCryPkiImportFileType. + Besides, if dSslCryPkiImportCertSrcType is 'tftp' the columnar + objects dSslCryPkiImportCertAddrType and dSslCryPkiImportCertAddr + must be configured." + ::= { dSslCryptoPkiImportCertEntry 10 } + +-- ----------------------------------------------------------------------------- + dSslConfiguration OBJECT IDENTIFIER ::= { dlinkSslObjects 2 } + + dSslCryptoPkiTrustpointTable OBJECT-TYPE + SYNTAX SEQUENCE OF DSslCryptoPkiTrustpointEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table defines and configures trustpoint(s) in the switch." + ::= { dSslConfiguration 1 } + + dSslCryptoPkiTrustpointEntry OBJECT-TYPE + SYNTAX DSslCryptoPkiTrustpointEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The row in the dSslCryptoPkiTrustpointTable containing the + trustpoint parameters. + An entry is created/removed when a name for a specific + trustpoint is generated or deleted via CLI or by issuing appropriate + sets to this table using snmp." + INDEX { dSslCryptoPkiTrustpointName } + ::= { dSslCryptoPkiTrustpointTable 1 } + + DSslCryptoPkiTrustpointEntry ::= + SEQUENCE { + dSslCryptoPkiTrustpointName DisplayString, + dSslCryptoPkiTrustpointPrimary TruthValue, + dSslCryptoPkiTrustpointRowStatus RowStatus } + + dSslCryptoPkiTrustpointName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Name of the trustpoint for which this entry pertains to." + ::= { dSslCryptoPkiTrustpointEntry 1 } + + dSslCryptoPkiTrustpointPrimary OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies a given trustpoint as primary. + This trustpoint can be used as default trustpoint when + the application doesn't explicitly specify which certificate + authority (CA) trustpoint should be used. + + Only one trustpoint can be specified as primary. That is the + last trustpoint you specify as primary will overwrite the + previous one." + DEFVAL { false } + ::= { dSslCryptoPkiTrustpointEntry 2 } + + dSslCryptoPkiTrustpointRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Status of this trustpoint." + ::= { dSslCryptoPkiTrustpointEntry 3 } + +-- ----------------------------------------------------------------------------- + dSslCryptoPkiCertTable OBJECT-TYPE + SYNTAX SEQUENCE OF DSslCryptoPkiCertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table manages CA certificate(s) or the switch + certificate(s) and keys." + ::= { dSslConfiguration 2 } + + dSslCryptoPkiCertEntry OBJECT-TYPE + SYNTAX DSslCryptoPkiCertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The row in the dSslCryptoPkiCertTable containing the + parameters of a certificate. + An entry in this table appears automatically whenever + the certificate or keypairs is imported successfully. + An entry is removed when a certificate name is deleted + via CLI or by issuing appropriate sets to this table using snmp." + INDEX { dSslCryptoPkiTrustpointName,dSslCryptoPkiCertName } + ::= { dSslCryptoPkiCertTable 1 } + + DSslCryptoPkiCertEntry ::= + SEQUENCE { + dSslCryptoPkiCertName DisplayString, + dSslCryptoPkiCertCAType INTEGER, + dSslCryptoPkiCertRemoveCtrl INTEGER } + + dSslCryptoPkiCertName OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the name of the certificate for which this entry + pertains to." + ::= { dSslCryptoPkiCertEntry 1 } + + dSslCryptoPkiCertCAType OBJECT-TYPE + SYNTAX INTEGER { + ca(1), + localCertificate(2), + localPrivateKey(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object specifies the type of the certificate. + ca(1) - CA certificate. + localCertificate(2) - local certificate. + localPrivateKey(3) - local private key." + ::= { dSslCryptoPkiCertEntry 2 } + + dSslCryptoPkiCertRemoveCtrl OBJECT-TYPE + SYNTAX INTEGER { + delete(1), + noOp(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to delete this entry. + No action is taken if this object is set to 'noOp'. + When read, the value 'noOp' is returned." + ::= { dSslCryptoPkiCertEntry 3 } + +-- ----------------------------------------------------------------------------- + dSslServicePolicyTable OBJECT-TYPE + SYNTAX SEQUENCE OF DSslServicePolicyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table controlls the parameters of SSL service policies." + ::= { dSslConfiguration 3 } + + dSslServicePolicyEntry OBJECT-TYPE + SYNTAX DSslServicePolicyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The row in the dSslServicePolicyTable containing the + parameters of a SSL service policy. + + An entry is created/removed when a name for a specific + policy is generated or deleted via CLI or by issuing appropriate + sets to this table using snmp." + INDEX { dSslServicePolicyName } + ::= { dSslServicePolicyTable 1 } + + DSslServicePolicyEntry ::= + SEQUENCE { + dSslServicePolicyName DisplayString, + dSslServicePolicyVersions BITS, + dSslServicePolicyCipherSuites BITS, + dSslServicePolicyTrustpoint DisplayString, + dSslServicePolicyCacheTimeout Unsigned32, + dSslServicePolicyRowStatus RowStatus } + + dSslServicePolicyName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the name of the policy for which this entry pertains to." + ::= { dSslServicePolicyEntry 1 } + + dSslServicePolicyCipherSuites OBJECT-TYPE + SYNTAX BITS { + dheDss3DesEdeCbcSha(0), + rsa3desEdeCbcSha(1), + rsaRc4128Sha(2), + rsaRc4128Md5(3), + rsaExportRc440Md5(4), + rsaAes128CbcSha(5), + rsaAes256CbcSha(6), + rsaAes128CbcSha256(7), + rsaAes256CbcSha256(8), + dheDssAes256CbcSha(9), + dheRsaAes256CbcSha(10) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates a ciphersuite should be used by the secure + service when negotiating a connection with a remote peer. Setting + a ciphersuite's bit to 1 enables the ciphersuite. Setting this bit + to 0 disables it. + + dheDss3DesEdeCbcSha(0): Uses ephemeral Diffie-Hellman key exchange with 3DES-EDE-CBC + encryption and SHA for message digest. + + rsa3desEdeCbcSha(1): Uses RSA key exchange with 3DES-EDE-CBC for + message encryption and SHA for message digest. + + rsaRc4128Sha(2): Uses RSA key exchange with RC4 128-bit + encryption for message encryption and SHA for message digest. + + rsaRc4128Md5(3): Uses RSA key exchange with RC4 128-bit + encryption for message encryption and MD5 for message digest. + + rsaExportRc440Md5(4): Uses RSA EXPORT key exchange with RC4 40 + bits for message encryption and MD5 for message digest. + + rsaAes128CbcSha(5): Uses RSA key exchange with AES 128 + bits for message encryption and SHA for message digest. + + rsaAes256CbcSha(6): Uses RSA exchange with AES 256 + bits for message encryption and SHA for message digest. + + rsaAes128CbcSha256(7): Uses RSA key exchange with AES 128 + bits for message encryption and SHA256 for message digest. + + rsaAes256CbcSha256(8): Uses RSA key exchange with AES 256 + bits for message encryption and SHA256 for message digest. + + dheDssAes256CbcSha(9): Uses ephemeral Diffie-Hellman key exchange with AES 256 + bits for message encryption and SHA for message digest. + + dheRsaAes256CbcSha(10): Uses ephemeral Diffie-Hellman key exchange with AES 256 + bits for message encryption and SHA for message digest." +-- DEFVAL { { dheDss3DesEdeCbcSha, rsa3desEdeCbcSha, rsaRc4128Sha, +-- rsaRc4128Md5, rsaExportRc440Md5 } } + ::= { dSslServicePolicyEntry 2} + + + dSslServicePolicyTrustpoint OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the name of the trustpoint that should be used in SSL + handshake. + + When secure-trustpoint is not specified, the primary trustpoint + (the value of dSslCryptoPkiTrustpointPrimary is 'true') will be + used. + + If no trustpoint is specified (empty string), the built-in + certificate/key pairs will be used." + ::= { dSslServicePolicyEntry 3 } + + dSslServicePolicyCacheTimeout OBJECT-TYPE + SYNTAX Unsigned32 (60..86400) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the Cache Timeout value in the policy for + SSL module to refresh the session resume data kept in database." + DEFVAL { 600 } + ::= { dSslServicePolicyEntry 4} + + dSslServicePolicyRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Status of this policy." + ::= { dSslServicePolicyEntry 5 } + + dSslServicePolicyVersions OBJECT-TYPE + SYNTAX BITS { + ssl3_0(0), + tls1_0(1), + tls1_1(2), + tls1_2(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the SSL or TLS versions are enabled or not in the system. + If the bit is 1 , indicate that version is enabled , else is disabled ." + ::= { dSslServicePolicyEntry 6 } + +-- ----------------------------------------------------------------------------- +-- Conformance +-- ----------------------------------------------------------------------------- + dlinkSslCompliances OBJECT IDENTIFIER ::= { dlinkSslConformance 1 } + + dlinkSslGroups OBJECT IDENTIFIER ::= { dlinkSslConformance 2 } + + dlinkSslCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement the + DLINKSW-SSL-MIB." + MODULE MANDATORY-GROUPS { + dSslImportCertGroup, + dSslTrustPointConfigGroup, + dSslServicePolicyGroup } + ::= { dlinkSslCompliances 1 } + + dSslImportCertGroup OBJECT-GROUP + OBJECTS { + dSslCryPkiImportCertTrustPoint, + dSslCryPkiImportCertSrcType, + dSslCryPkiImportFilename, + dSslCryPkiImportCertAddrType, + dSslCryPkiImportCertAddr, + dSslCryPkiImportPwdPhrase, + dSslCryPkiImportFileType, + dSslCryPkiImportErrorStatus, + dSslCryPkiImportRowStatus } + STATUS current + DESCRIPTION + "A collection of objects for manage importing certificates and key pairs." + ::= { dlinkSslGroups 1 } + + dSslTrustPointConfigGroup OBJECT-GROUP + OBJECTS { + dSslCryptoPkiTrustpointPrimary, + dSslCryptoPkiTrustpointRowStatus, + dSslCryptoPkiCertCAType, + dSslCryptoPkiCertRemoveCtrl } + STATUS current + DESCRIPTION + "A collection of objects for manage trustpoints and certificates and key pairs." + ::= { dlinkSslGroups 2 } + + dSslServicePolicyGroup OBJECT-GROUP + OBJECTS { + dSslServicePolicyCipherSuites, + dSslServicePolicyTrustpoint, + dSslServicePolicyCacheTimeout, + dSslServicePolicyRowStatus } + STATUS current + DESCRIPTION + "A collection of objects for manage trustpoints and certificates and key pairs." + ::= { dlinkSslGroups 3 } +END \ No newline at end of file -- cgit v1.2.3