 --**MOD+***********************************************************************
 -- Module:   hpicfTlsMin.mib
 --
 -- Copyright (C) 2017-2020 Hewlett Packard Enterprise Development LP
 -- All Rights Reserved.
 --
 -- The contents of this software are proprietary and confidential
 -- to the Hewlett Packard Enterprise Development LP.  No part of this
 -- program may be photocopied, reproduced, or translated into another
 -- programming language without prior written consent of the
 -- Hewlett Packard Enterprise Development LP.
 --
 -- Purpose:  Defining proprietary MIB objects for TLS.
 --
 --MOD-***********************************************************************/

HP-ICF-TLS-MIN-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        hpSwitch
            FROM HP-ICF-OID
        OBJECT-GROUP, MODULE-COMPLIANCE
            FROM SNMPv2-CONF 
        OBJECT-TYPE, MODULE-IDENTITY
            FROM SNMPv2-SMI
        TruthValue, RowStatus
            FROM SNMPv2-TC;
 
    hpicfTlsMinMIB MODULE-IDENTITY
 
        LAST-UPDATED "202002240900Z"     --Feb 24, 2020
        ORGANIZATION "HP Networking"
        CONTACT-INFO "Hewlett-Packard Enterprise Company
                      8000 Foothills Blvd.
                      Roseville, CA 95747"

   DESCRIPTION
           "Added object hpicfTlsStrictRfc5424, this object is used to
           configure the rfc5424-strict option for TLS in syslog to
           conform with the RFC 5424 standard."

        REVISION     "202002240900Z"     -- Feb 24, 2020

	DESCRIPTION
	   "This MIB module describes objects for enforcing TLS minimum
           version enforcement and ciphersuire enforcement in the HP
           Integrated Communication Facility product line."

        REVISION     "201705110900Z"     -- May 11, 2017
        DESCRIPTION
           "Modified cipher names listed for hpicfTlsMinCipher."

	REVISION     "201704050900Z"     -- April 05, 2017
        DESCRIPTION
           "Added new mib object hpicfTlsMinCipherConfig in hpicfTlsMinCipherTable
           to enforce or disable cipher. Modified index values allowed for
           hpicfTlsMinCipher."

	REVISION     "201606220900Z"     -- June 22, 2016 
        DESCRIPTION
           "Added new app type cloud to hpicfTlsMinApp."

	REVISION     "201410010900Z"     -- Oct 1, 2014 
        DESCRIPTION
           "Initial version of TLS Minimum MIB module."

        ::= { hpSwitch 112 }

 
    ---
    --- Node definitions
    ---

    hpicfTlsMinObjects       OBJECT IDENTIFIER ::= { hpicfTlsMinMIB 0 }
    hpicfTlsMinConformance   OBJECT IDENTIFIER ::= { hpicfTlsMinMIB 1 }
    -- hpicfTlsMinNotifications OBJECT IDENTIFIER ::= { hpicfTlsMinMIB 2 }
   

    hpicfTlsMinConfigObjects OBJECT IDENTIFIER ::= { hpicfTlsMinObjects 1 }
    -- hpicfTlsMinStatsObjects  OBJECT IDENTIFIER ::= { hpicfTlsMinObjects 2 }


    ---
    --- Scalar configuration objects
    ---

    -- hpicfTlsMinScalarConfig OBJECT IDENTIFIER ::= { hpicfTlsMinConfigObjects 0 }

    ---
    --- tls-minimum table
    ---
    hpicfTlsMinTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF HpicfTlsMinEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION 
	    "A table of minimum TLS version objects"
        ::= { hpicfTlsMinConfigObjects 1 }

    hpicfTlsMinEntry OBJECT-TYPE
        SYNTAX          HpicfTlsMinEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION 
	    "An entry in the hpicfTlsMinTable."
        INDEX           { hpicfTlsMinApp }
        ::= { hpicfTlsMinTable 1 }

    HpicfTlsMinEntry ::= SEQUENCE {
        hpicfTlsMinApp           INTEGER, 
        hpicfTlsMinVersion       INTEGER,
        hpicfTlsMinCloseSSLSess  TruthValue,
        hpicfTlsMinRowStatus     RowStatus,
        hpicfTlsStrictRfc5424    TruthValue
    }

    hpicfTlsMinApp OBJECT-TYPE
        SYNTAX          INTEGER {
                            webSsl(1),
                            openflow(2),
                            syslog(3),
                            tr69(4),
                            cloud(5),
                            radsec(6)
                        }
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION 
            "This object specifies the application for which the minimum 
             TLS version and cipher suite is enforced."
        ::= { hpicfTlsMinEntry 1 }

    hpicfTlsMinVersion OBJECT-TYPE
        SYNTAX          INTEGER {
                            tls1dot0(1),
                            tls1dot1(2),
                            tls1dot2(3)
                        }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION 
            "This object specifies the minimum TLS version enforced. The 
             default value for this attribute will be TLS1.1"
        ::= { hpicfTlsMinEntry 2 }

    hpicfTlsMinCloseSSLSess OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION 
            "This object specifies whether or not to close existing 
             SSL sessions. Setting this attribute to TRUE will close all
             existing SSL sessions. Setting this attribute to FALSE will
             not have any effect."
        ::= { hpicfTlsMinEntry 3 } 

    hpicfTlsMinRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION 
        "Status of this row, by which new entries may be created
         or existing entries deleted from this table."

        ::= { hpicfTlsMinEntry 4 } 

    hpicfTlsStrictRfc5424 OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "Configure the rfc5424-strict option for TLS in syslog to conform with the
         RFC 5424 standard."
        DEFVAL { false }

        ::= { hpicfTlsMinEntry 5 }

    ---
    --- Cipher suites table
    ---

    hpicfTlsMinCipherTable OBJECT-TYPE
        SYNTAX             SEQUENCE OF HpicfTlsMinCipherEntry
        MAX-ACCESS         not-accessible
        STATUS             current
        DESCRIPTION
           "A table that contains a list of cipher suites that
            can be enforced or disabled for various applications."

        ::= { hpicfTlsMinConfigObjects 2 }

    hpicfTlsMinCipherEntry OBJECT-TYPE
        SYNTAX          HpicfTlsMinCipherEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
           "An entry in the hpicfTlsMinTable that lists the lowest 
            TLS version and cipher suites enforced or disabled
            for each application."

        INDEX           {hpicfTlsMinApp, hpicfTlsMinCipher }
        ::= { hpicfTlsMinCipherTable 1 }

    HpicfTlsMinCipherEntry ::= SEQUENCE {
        hpicfTlsMinCipher              INTEGER,
        hpicfTlsMinCipherRowStatus     RowStatus,
        hpicfTlsMinCipherConfig        INTEGER
    }

    hpicfTlsMinCipher OBJECT-TYPE
        SYNTAX          INTEGER {
                            aes256Sha256(1),
                            aes256Sha(2),
                            aes128Sha256(3),
                            aes128Sha(4),
                            des3CbcSha(5),
                            aes256GcmSha384(6),
                            aes128GcmSha256(7),
                            ecdhEcdsaAes256GcmSha384(8),
                            ecdhRsaAaes256GcmSha384(9),
                            ecdhEcdsaAes128GcmSha256(10),
                            ecdhRsaAes128GcmSha256(11),
                            ecdhEcdsaAes256Sha384(12),
                            ecdhRsaAes256Sha384(13),
                            ecdhEcdsaAes256Sha(14),
                            ecdhRsaAes256Sha(15),
                            ecdhEcdsaAes128Sha256(16),
                            ecdhRsaAes128Sha256(17),
                            ecdhEcdsaAes128Sha(18),
                            ecdhRsaAes128Sha(19),
                            ecdhEcdsaDesCbc3Sha(20),
                            ecdhRsaDesCbc3Sha(21),
                            ecdheEcdsaAes128GcmSha256(22),
                            ecdheRsaAes128GcmSha256(23),
                            ecdheEcdsaAes128Sha256(24),
                            ecdheRsaAes128Sha256(25),
                            ecdheEcdsaAes128Sha(26),
                            ecdheRsaAes128Sha(27),
                            ecdheEcdsaAes256GcmSha384(28),
                            ecdheRsaAes256GcmSha384(29),
                            ecdheEcdsaAes256Sha384(30),
                            ecdheRsaAes256Sha384(31),
                            ecdheEcdsaAes256Sha(32),
                            ecdheRsaAes256Sha(33),
                            ecdheEcdsaDesCbc3Sha(34),
                            ecdheRsaDesCbc3Sha(35),
                            all(36)

                        }
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "This object specifies the cipher suite enforced for applications."
        ::= { hpicfTlsMinCipherEntry 1 }

    hpicfTlsMinCipherRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
        "Status of this row, by which new entries may be created
         or existing entries deleted from this table."
        ::= { hpicfTlsMinCipherEntry 2 }

    hpicfTlsMinCipherConfig OBJECT-TYPE
        SYNTAX          INTEGER {
                            enforce(1),
                            disable(2)
                        }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
        "This object has to be configured to enforce or disable  cipher
         suite for applications."
        ::= { hpicfTlsMinCipherEntry 3 }


    --- ------------------------------------------------------------
    --- Conformance
    --- ------------------------------------------------------------

    hpicfTlsMinCompliances OBJECT IDENTIFIER ::= { hpicfTlsMinConformance 1 }
    hpicfTlsMinGroups OBJECT IDENTIFIER ::= { hpicfTlsMinConformance 2 }

    hpicfTlsMinCompliance1 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
            hpicfTlsMinConfigGroup
        }
        ::= { hpicfTlsMinCompliances 1 }

    --- units of conformance

    hpicfTlsMinConfigGroup OBJECT-GROUP
        OBJECTS    {
            hpicfTlsMinVersion,
            hpicfTlsMinCloseSSLSess,
            hpicfTlsMinRowStatus,
            hpicfTlsMinCipherRowStatus
        }
        STATUS deprecated
        DESCRIPTION
            "A collection of objects providing configuration for
             TLS minimum version and cipher suite enforcement for an app."            
        ::= { hpicfTlsMinGroups 1 }

    hpicfTlsMinCompliance2 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
            hpicfTlsMinConfigGroup1
        }
        ::= { hpicfTlsMinCompliances 2 }

    --- units of conformance

    hpicfTlsMinConfigGroup1 OBJECT-GROUP
        OBJECTS    {
            hpicfTlsMinVersion,
            hpicfTlsMinCloseSSLSess,
            hpicfTlsMinRowStatus,
            hpicfTlsMinCipherRowStatus,
            hpicfTlsMinCipherConfig
        }
        STATUS deprecated
        DESCRIPTION
            "A collection of objects providing configuration for
             TLS minimum version and cipher suite enforcement for an app."
        ::= { hpicfTlsMinGroups 2 }

    hpicfTlsMinCompliance3 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
            hpicfTlsMinConfigGroup2
        }
        ::= { hpicfTlsMinCompliances 3 }

    --- units of conformance

    hpicfTlsMinConfigGroup2 OBJECT-GROUP
        OBJECTS    {
            hpicfTlsMinVersion,
            hpicfTlsMinCloseSSLSess,
            hpicfTlsMinRowStatus,
            hpicfTlsMinCipherRowStatus,
            hpicfTlsMinCipherConfig
        }
        STATUS deprecated
        DESCRIPTION
            "A collection of objects providing configuration for
             TLS minimum version and cipher suite enforcement for an app."
        ::= { hpicfTlsMinGroups 3 }

    hpicfTlsMinCompliance4 MODULE-COMPLIANCE
        STATUS          current
        DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
            hpicfTlsMinConfigGroup3
        }
         ::= { hpicfTlsMinCompliances 4 }

    --- units of conformance

    hpicfTlsMinConfigGroup3 OBJECT-GROUP
        OBJECTS    {
            hpicfTlsMinVersion,
            hpicfTlsMinCloseSSLSess,
            hpicfTlsMinRowStatus,
            hpicfTlsMinCipherRowStatus,
            hpicfTlsMinCipherConfig,
            hpicfTlsStrictRfc5424
        }
        STATUS current
        DESCRIPTION
            "A collection of objects providing configuration for
            TLS minimum version and cipher suite enforcement for an app."
        ::= { hpicfTlsMinGroups 4 }


END 
