com.oracle.bmc.loadbalancer.model

Class SSLConfigurationDetails

java.lang.Object

com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

com.oracle.bmc.loadbalancer.model.SSLConfigurationDetails

@Generated(value="OracleSDKGenerator",
           comments="API Version: 20170115")
public final class SSLConfigurationDetails
extends com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

The load balancer’s SSL handling configuration details.

*Warning:** Oracle recommends that you avoid using any confidential information when you supply string values using the API.
Note: Objects should always be created or deserialized using the SSLConfigurationDetails.Builder. This model distinguishes fields that are null because they are unset from fields that are explicitly set to null. This is done in the setter methods of the SSLConfigurationDetails.Builder, which maintain a set of all explicitly set fields called SSLConfigurationDetails.Builder.__explicitlySet__. The hashCode() and equals(Object) methods are implemented to take the explicitly set fields into account. The constructor, on the other hand, does not take the explicitly set fields into account (since the constructor cannot distinguish explicit null from unset null).

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SSLConfigurationDetails.Builder
static class	SSLConfigurationDetails.ServerOrderPreference When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.

Field Summary

Fields inherited from class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

EXPLICITLY_SET_FILTER_NAME, EXPLICITLY_SET_PROPERTY_NAME

Constructor Summary

Constructors

Constructor and Description
SSLConfigurationDetails(Integer verifyDepth, Boolean verifyPeerCertificate, Boolean hasSessionResumption, List<String> trustedCertificateAuthorityIds, List<String> certificateIds, String certificateName, List<String> protocols, String cipherSuiteName, SSLConfigurationDetails.ServerOrderPreference serverOrderPreference) Deprecated.

Method Summary

Modifier and Type	Method and Description
static SSLConfigurationDetails.Builder	builder() Create a new builder.
boolean	equals(Object o)
List<String>	getCertificateIds() Ids for OCI certificates service certificates.
String	getCertificateName() A friendly name for the certificate bundle.
String	getCipherSuiteName() The name of the cipher suite to use for HTTPS or SSL connections.
Boolean	getHasSessionResumption() Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again.
List<String>	getProtocols() A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
SSLConfigurationDetails.ServerOrderPreference	getServerOrderPreference() When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.
List<String>	getTrustedCertificateAuthorityIds() Ids for OCI certificates service CA or CA bundles for the load balancer to trust.
Integer	getVerifyDepth() The maximum depth for peer certificate chain verification.
Boolean	getVerifyPeerCertificate() Whether the load balancer listener should verify peer certificates.
int	hashCode()
SSLConfigurationDetails.Builder	toBuilder()
String	toString()
String	toString(boolean includeByteArrayContents) Return a string representation of the object.

Methods inherited from class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

markPropertyAsExplicitlySet, wasPropertyExplicitlySet

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

SSLConfigurationDetails

@Deprecated
 @ConstructorProperties(value={"verifyDepth","verifyPeerCertificate","hasSessionResumption","trustedCertificateAuthorityIds","certificateIds","certificateName","protocols","cipherSuiteName","serverOrderPreference"})
public SSLConfigurationDetails(Integer verifyDepth,
                                                                                                                                                                                                                                                                   Boolean verifyPeerCertificate,
                                                                                                                                                                                                                                                                   Boolean hasSessionResumption,
                                                                                                                                                                                                                                                                   List<String> trustedCertificateAuthorityIds,
                                                                                                                                                                                                                                                                   List<String> certificateIds,
                                                                                                                                                                                                                                                                   String certificateName,
                                                                                                                                                                                                                                                                   List<String> protocols,
                                                                                                                                                                                                                                                                   String cipherSuiteName,
                                                                                                                                                                                                                                                                   SSLConfigurationDetails.ServerOrderPreference serverOrderPreference)

Deprecated.

Method Detail

builder

public static SSLConfigurationDetails.Builder builder()

Create a new builder.

toBuilder

public SSLConfigurationDetails.Builder toBuilder()

getVerifyDepth

public Integer getVerifyDepth()

The maximum depth for peer certificate chain verification.

Example: 3

Returns:

the value

getVerifyPeerCertificate

public Boolean getVerifyPeerCertificate()

Whether the load balancer listener should verify peer certificates.

Example: true

Returns:

the value

getHasSessionResumption

public Boolean getHasSessionResumption()

Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If “true”, the service resumes the previous TLS encrypted session. If “false”, the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance.

Example: true

Returns:

the value

getTrustedCertificateAuthorityIds

public List<String> getTrustedCertificateAuthorityIds()

Ids for OCI certificates service CA or CA bundles for the load balancer to trust.

Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]

Returns:

the value

getCertificateIds

public List<String> getCertificateIds()

Ids for OCI certificates service certificates. Currently only a single Id may be passed.

Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]

Returns:

the value

getCertificateName

public String getCertificateName()

A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.

Example: example_certificate_bundle

Returns:

the value

getProtocols

public List<String> getProtocols()

A list of SSL protocols the load balancer must support for HTTPS or SSL connections.

The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.

The Load Balancing service supports the following protocols:

TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3

If this field is not specified, TLSv1.2 is the default.

*Warning:** All SSL listeners created on a given port must use the same set of SSL protocols.

*Notes:**

The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources.

example: ["TLSv1.1", "TLSv1.2"]

Returns:

the value

getCipherSuiteName

public String getCipherSuiteName()

The name of the cipher suite to use for HTTPS or SSL connections.

If this field is not specified, the default is oci-default-ssl-cipher-suite-v1.

*Notes:**

You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field.

example: example_cipher_suite

Returns:

the value

getServerOrderPreference

public SSLConfigurationDetails.ServerOrderPreference getServerOrderPreference()

When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.

*Note:** This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set.

Returns:

the value

toString

public String toString()

Overrides:

toString in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

toString

public String toString(boolean includeByteArrayContents)

Return a string representation of the object.

Parameters:

includeByteArrayContents - true to include the full contents of byte arrays

Returns:

string representation

equals

public boolean equals(Object o)

Overrides:

equals in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

hashCode

public int hashCode()

Overrides:

hashCode in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel