Class: Aws::NetworkFirewall::Types::CheckCertificateRevocationStatusActions

Inherits:

Struct

• Object
• Struct
• Aws::NetworkFirewall::Types::CheckCertificateRevocationStatusActions

Defined in:

gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb

Overview

Defines the actions to take on the SSL/TLS connection if the certificate presented by the server in the connection has a revoked or unknown status.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #revoked_status_action ⇒ String

  Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.

• #unknown_status_action ⇒ String

  Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.

Instance Attribute Details

#revoked_status_action ⇒ String

Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.

• PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.

• DROP - Network Firewall closes the connection and drops subsequent packets for that connection.

• REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.

Returns:

• (String)

# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 464

class CheckCertificateRevocationStatusActions < Struct.new(
  :revoked_status_action,
  :unknown_status_action)
  SENSITIVE = []
  include Aws::Structure
end

#unknown_status_action ⇒ String

Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.

• PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.

• DROP - Network Firewall closes the connection and drops subsequent packets for that connection.

• REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.

Returns:

• (String)

# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 464

class CheckCertificateRevocationStatusActions < Struct.new(
  :revoked_status_action,
  :unknown_status_action)
  SENSITIVE = []
  include Aws::Structure
end