Class: Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb

Overview

The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.

Defined Under Namespace

Modules: Profile, TlsVersion

Instance Attribute Summary collapse

Instance Attribute Details

#ca_pool::String

Returns Required. A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".

Returns:

  • (::String)

    Required. A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#create_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp when the resource was created.

Returns:



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#custom_tls_features::Array<::String>

Returns Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The [compute.SslPoliciesService.ListAvailableFeatures][] method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.

Returns:

  • (::Array<::String>)

    Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The [compute.SslPoliciesService.ListAvailableFeatures][] method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#description::String

Returns Optional. Free-text description of the resource.

Returns:

  • (::String)

    Optional. Free-text description of the resource.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#exclude_public_ca_set::Boolean

Returns Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.

Returns:

  • (::Boolean)

    Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#min_tls_version::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::TlsVersion

Returns Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.

Returns:

  • (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::TlsVersion)

    Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#name::String

Returns Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).

Returns:

  • (::String)

    Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#tls_feature_profile::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::Profile

Returns Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.

Returns:

  • (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::Profile)

    Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#trust_config::String

Returns Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.

Returns:

  • (::String)

    Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end

#update_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp when the resource was updated.

Returns:



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb', line 89

class TlsInspectionPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The minimum version of TLS protocol that can be used by clients or servers
  # to establish a connection with the TLS inspection proxy.
  module TlsVersion
    # Indicates no TLS version was specified.
    TLS_VERSION_UNSPECIFIED = 0

    # TLS 1.0
    TLS_1_0 = 1

    # TLS 1.1
    TLS_1_1 = 2

    # TLS 1.2
    TLS_1_2 = 3

    # TLS 1.3
    TLS_1_3 = 4
  end

  # Profile specifies the set of TLS cipher suites (and possibly
  # other features in the future) that can be used by the firewall when
  # negotiating TLS connections with clients and servers. The meaning of these
  # fields is identical to the load balancers' SSLPolicy resource.
  module Profile
    # Indicates no profile was specified.
    PROFILE_UNSPECIFIED = 0

    # Compatible profile. Allows the broadest set of clients, even those
    # which support only out-of-date SSL features to negotiate with the TLS
    # inspection proxy.
    PROFILE_COMPATIBLE = 1

    # Modern profile. Supports a wide set of SSL features, allowing modern
    # clients to negotiate SSL with the TLS inspection proxy.
    PROFILE_MODERN = 2

    # Restricted profile. Supports a reduced set of SSL features, intended to
    # meet stricter compliance requirements.
    PROFILE_RESTRICTED = 3

    # Custom profile. Allow only the set of allowed SSL features specified in
    # the custom_features field of SslPolicy.
    PROFILE_CUSTOM = 4
  end
end