:source: fmgd_firewall_vip6_sslserverciphersuites.py :orphan: .. _fmgd_firewall_vip6_sslserverciphersuites: fmgd_firewall_vip6_sslserverciphersuites -- SSL/TLS cipher suites to offer to a server, ordered by priority. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 1.1.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module is able to configure a FortiManager device. - Examples include all parameters and values need to be adjusted to data sources before usage. - Tested with FortiManager v7.x. Requirements ------------ The below requirements are needed on the host that executes this module. - ansible-core>=2.16.0 FortiManager Version Compatibility ---------------------------------- .. raw:: html

Supported Version Ranges: v7.4.8 -> v7.4.10, v7.6.4 -> latest

Parameters ---------- .. raw:: html

access_token -The token to access FortiManager without using username and password. type: str required: false
bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
enable_log - Enable/Disable logging for task. type: bool required: false default: False
forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
state - The directive to create, update or delete an object type: str required: true choices: present, absent
workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
device - The parameter in requested url type: str required: true
vdom - The parameter in requested url type: str required: true
vip6 - The parameter in requested url type: str required: true
firewall_vip6_sslserverciphersuites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: dict

cipher Cipher suite name. type: str choices: [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA] more...

Supported Version Ranges: v7.4.8 -> v7.4.10, v7.6.4 -> latest
priority Ssl/tls cipher suites priority. type: int more...

Supported Version Ranges: v7.4.8 -> v7.4.10, v7.6.4 -> latest
versions Ssl/tls versions that the cipher suite can be used with. type: list choices: [ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3] more...

Supported Version Ranges: v7.4.8 -> v7.4.10, v7.6.4 -> latest

Notes ----- .. note:: - Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work. - To create or update an object, use state: present directive. - To delete an object, use state: absent directive - Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded Examples -------- .. code-block:: yaml+jinja - name: Example playbook (generated based on argument schema) hosts: fortimanagers connection: httpapi gather_facts: false vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: SSL/TLS cipher suites to offer to a server, ordered by priority. fortinet.fmgdevice.fmgd_firewall_vip6_sslserverciphersuites: # bypass_validation: false # workspace_locking_adom: # workspace_locking_timeout: 300 # rc_succeeded: [0, -2, -3, ...] # rc_failed: [-2, -3, ...] device: vdom: vip6: state: present # firewall_vip6_sslserverciphersuites: # cipher: # priority: # versions: # - "ssl-3.0" # - "tls-1.0" # - "tls-1.1" # - "tls-1.2" # - "tls-1.3" Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html

meta - The result of the request.returned: always type: dict

request_url - The full url requested. returned: always type: str sample: /sys/login/user
response_code - The status of api request. returned: always type: int sample: 0
response_data - The data body of the api response. returned: optional type: list or dict
response_message - The descriptive message of the api response. returned: always type: str sample: OK
system_information - The information of the target system. returned: always type: dict

rc - The status the request. returned: always type: int sample: 0
version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Xinwei Du (@dux-fortinet) - Xing Li (@lix-fortinet) - Jie Xue (@JieX19) - Link Zheng (@chillancezen) - Frank Shen (@fshen01) - Hongbin Lu (@fgtdev-hblu)