ietf-tls-client

This module defines reusable groupings for TLS clients that can be used as a basis for specific TLS client instances. The key w...

  • Version: 2024-10-10

    ietf-tls-client@2024-10-10


    
  module ietf-tls-client {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-tls-client";

    prefix tlsc;

    import ietf-netconf-acm {
      prefix nacm;
      reference
        "RFC 8341: Network Configuration Access Control Model";


    }
    import ietf-crypto-types {
      prefix ct;
      reference
        "RFC 9640: YANG Data Types and Groupings for Cryptography";


    }
    import ietf-truststore {
      prefix ts;
      reference
        "RFC 9641: A YANG Data Model for a Truststore";


    }
    import ietf-keystore {
      prefix ks;
      reference
        "RFC 9642: A YANG Data Model for a Keystore";


    }
    import ietf-tls-common {
      prefix tlscmn;
      reference
        "RFC 9645: YANG Groupings for TLS Clients and TLS Servers";


    }

    organization
      "IETF NETCONF (Network Configuration) Working Group";

    contact
      "WG List:  NETCONF WG list <mailto:netconf@ietf.org>
     WG Web:   https://datatracker.ietf.org/wg/netconf
     Author:   Kent Watsen <mailto:kent+ietf@watsen.net>
     Author:   Jeff Hartley <mailto:intensifysecurity@gmail.com>";

    description
      "This module defines reusable groupings for TLS clients that
     can be used as a basis for specific TLS client instances.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
     'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
     'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
     are to be interpreted as described in BCP 14 (RFC 2119)
     (RFC 8174) when, and only when, they appear in all
     capitals, as shown here.

     Copyright (c) 2024 IETF Trust and the persons identified
     as authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with
     or without modification, is permitted pursuant to, and
     subject to the license terms contained in, the Revised
     BSD License set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC 9645
     (https://www.rfc-editor.org/info/rfc9645); see the RFC
     itself for full legal notices.";

    revision "2024-10-10" {
      description "Initial version";
      reference
        "RFC 9645: YANG Groupings for TLS Clients and TLS Servers";

    }


    feature tls-client-keepalives {
      description
        "Per-socket TLS keepalive parameters are configurable for
       TLS clients on the server implementing this feature.";
    }

    feature client-ident-x509-cert {
      description
        "Indicates that the client supports identifying itself
       using X.509 certificates.";
      reference
        "RFC 5280:
          Internet X.509 Public Key Infrastructure Certificate
          and Certificate Revocation List (CRL) Profile";

    }

    feature client-ident-raw-public-key {
      description
        "Indicates that the client supports identifying itself
       using raw public keys.";
      reference
        "RFC 7250:
          Using Raw Public Keys in Transport Layer Security (TLS)
          and Datagram Transport Layer Security (DTLS)";

    }

    feature client-ident-tls12-psk {
      if-feature tlscmn:tls12;
      description
        "Indicates that the client supports identifying itself
       using TLS 1.2 PSKs (pre-shared or pairwise symmetric keys).";
      reference
        "RFC 4279:
          Pre-Shared Key Ciphersuites for Transport Layer Security
          (TLS)";

    }

    feature client-ident-tls13-epsk {
      if-feature tlscmn:tls13;
      description
        "Indicates that the client supports identifying itself
       using TLS 1.3 External PSKs (pre-shared keys).";
      reference
        "RFC 8446:
          The Transport Layer Security (TLS) Protocol Version 1.3";

    }

    feature server-auth-x509-cert {
      description
        "Indicates that the client supports authenticating servers
       using X.509 certificates.";
      reference
        "RFC 5280:
          Internet X.509 Public Key Infrastructure Certificate
          and Certificate Revocation List (CRL) Profile";

    }

    feature server-auth-raw-public-key {
      description
        "Indicates that the client supports authenticating servers
       using raw public keys.";
      reference
        "RFC 7250:
          Using Raw Public Keys in Transport Layer Security (TLS)
          and Datagram Transport Layer Security (DTLS)";

    }

    feature server-auth-tls12-psk {
      description
        "Indicates that the client supports authenticating servers
       using PSKs (pre-shared or pairwise symmetric keys).";
      reference
        "RFC 4279:
          Pre-Shared Key Ciphersuites for Transport Layer Security
          (TLS)";

    }

    feature server-auth-tls13-epsk {
      description
        "Indicates that the client supports authenticating servers
       using TLS 1.3 External PSKs (pre-shared keys).";
      reference
        "RFC 8446:
          The Transport Layer Security (TLS) Protocol Version 1.3";

    }
  }  // module ietf-tls-client

© 2024 YumaWorks, Inc. All rights reserved.