Public/Set-NSSSLProfile.ps1
<#
Copyright 2016 Iain Brighton Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> function Set-NSSSLProfile { <# .SYNOPSIS Updates an existing SSL profile. .DESCRIPTION Updates an existing SSL profile. .PARAMETER Session The NetScaler session object. .PARAMETER Name Name of the SSL profile .PARAMETER SSL2 State of SSLv2 protocol support for the SSL profile. Default value: DISABLED .PARAMETER SSL3 State of SSLv3 protocol support for the SSL profile. Default value: ENABLED .PARAMETER TLS1 State of TLSv1.0 protocol support for the SSL profile. Default value: ENABLED .PARAMETER TLS11 State of TLSv1.1 protocol support for the SSL profile. Default value: ENABLED .PARAMETER TLS12 State of TLSv1.2 protocol support for the SSL profile. Default value: ENABLED .PARAMETER DenySslRenegotiation Deny renegotiation in specified circumstances. .PARAMETER DH State of Diffie-Hellman (DH) key exchange. Default value: DISABLED .PARAMETER DHFile Name of and, optionally, path to the DH parameter file, in PEM format, to be installed. /nsconfig/ssl/ is the default path. .PARAMETER DHCount Number of interactions, between the client and the NetScaler appliance, after which the DH private-public pair is regenerated. A value of zero (0) specifies infinite use (no refresh). .PARAMETER DHKeyExpSizeLimit This option enables the use of NIST recommended (NIST Special Publication 800-56A) bit size for private-key size. For example, for DH params of size 2048bit, the private-key size recommended is 224bits. This is rounded-up to 256bits. Default value: DISABLED .PARAMETER ProfileType Type of profile. Front end profiles apply to the entity that receives requests from a client. Backend profiles apply to the entity that sends client requests to a server. Default value: FrontEnd .PARAMETER DenySslRenegotiation Deny renegotiation in specified circumstances. Default value: All .EXAMPLE Set-NSSSLProfile -ProfileName "Secure_SSL_Profile" -SSL3 $false Disables the SSLv3 protocol in the SSL profile named "Secure_SSL_Profile" .EXAMPLE Set-NSSSLProfile -ProfileName "Secure_SSL_Profile" -DenySslRenegotiation 'ALL' -PassThru Disables the SSL renegotiation in the SSL profile named "Secure_SSL_Profile" and returns the updated object. .PARAMETER Force Suppress confirmation when updating a SSL profile. .PARAMETER Passthru Return the load balancer server object. #> [cmdletbinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')] param( $Session = $script:session, [parameter(Mandatory)] [string]$Name, [ValidateSet('NO','FRONTEND_CLIENT','FRONTENT_CLIENTSERVER','ALL','NONSECURE')] [string]$DenySslRenegotiation, [ValidateSet('FrontEnd','BackEnd')] [string]$ProfileType, [ValidateSet('ENABLED','DISABLED')] [string]$SSL2, [ValidateSet('ENABLED','DISABLED')] [string]$SSL3, [ValidateSet('ENABLED','DISABLED')] [string]$TLS1, [ValidateSet('ENABLED','DISABLED')] [string]$TLS11, [ValidateSet('ENABLED','DISABLED')] [string]$TLS12, [ValidateSet('ENABLED','DISABLED')] [string]$DH, [string]$DHFile, [ValidateRange(0,65534)] [int]$DHCount, [ValidateSet('ENABLED','DISABLED')] [string]$DHKeyExpSizeLimit, [switch]$Force, [switch]$PassThru ) begin { _AssertSessionActive } process { if ($Force -or $PSCmdlet.ShouldProcess($Name, 'Edit SSL Profile')) { try { $params = @{ name = $Name } if ($PSBoundParameters.ContainsKey('DenySslRenegotiation')) { $params.Add('denysslreneg', $DenySslRenegotiation) } if ($PSBoundParameters.ContainsKey('SSL2')) { $params.Add('ssl2', $SSL2) } if ($PSBoundParameters.ContainsKey('SSL3')) { $params.Add('ssl3', $SSL3) } if ($PSBoundParameters.ContainsKey('TLS1')) { $params.Add('tls1', $TLS1) } if ($PSBoundParameters.ContainsKey('TLS11')) { $params.Add('tls11', $TLS11) } if ($PSBoundParameters.ContainsKey('TLS12')) { $params.Add('tls12', $TLS12) } if ($PSBoundParameters.ContainsKey('DH')) { $params.Add('dh', $DH) } if ($PSBoundParameters.ContainsKey('DHFile')) { $params.Add('dhfile', $DHFile) } if ($PSBoundParameters.ContainsKey('DHCount')) { $params.Add('dhcount', $DHCount) } if ($PSBoundParameters.ContainsKey('DHKeyExpSizeLimit')) { $params.Add('dhkeyexpsizelimit', $DHKeyExpSizeLimit) } _InvokeNSRestApi -Session $Session -Method PUT -Type sslprofile -Payload $params if ($PSBoundParameters.ContainsKey('PassThru')) { return Get-NSSSLProfile -Session $Session -Name $Name } } catch { throw $_ } } } } |