module ietf-tls-server { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server"; prefix "tlss"; import ietf-tls-common { prefix tlscmn; revision-date 2017-10-30; // stable grouping definitions reference "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; } import ietf-keystore { prefix ks; reference "RFC YYYY: Keystore Model"; } organization "IETF NETCONF (Network Configuration) Working Group"; contact "WG Web: WG List: Author: Kent Watsen Author: Gary Wu "; description "This module defines a reusable grouping for a TLS server that can be used as a basis for specific TLS server instances. Copyright (c) 2017 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision "2017-10-30" { description "Initial version"; reference "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; } // features feature tls-server-hello-params-config { description "TLS hello message parameters are configurable on a TLS server."; } // groupings grouping tls-server-grouping { description "A reusable grouping for configuring a TLS server without any consideration for how underlying TCP sessions are established."; container server-identity { description "The list of certificates the TLS server will present when establishing a TLS connection in its Certificate message, as defined in Section 7.4.2 in RFC 5246."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; uses ks:private-key-grouping; uses ks:certificate-grouping; } container client-auth { description "A reference to a list of pinned certificate authority (CA) certificates and a reference to a list of pinned client certificates."; leaf pinned-ca-certs { type ks:pinned-certificates; description "A reference to a list of certificate authority (CA) certificates used by the TLS server to authenticate TLS client certificates. A client certificate is authenticated if it has a valid chain of trust to a configured pinned CA certificate."; } leaf pinned-client-certs { type ks:pinned-certificates; description "A reference to a list of client certificates used by the TLS server to authenticate TLS client certificates. A clients certificate is authenticated if it is an exact match to a configured pinned client certificate."; } } container hello-params { if-feature tls-server-hello-params-config; uses tlscmn:hello-params-grouping; description "Configurable parameters for the TLS hello message."; } } // end tls-server-grouping }