class OCI::LoadBalancer::Models::SSLConfiguration

A listener's SSL handling configuration.

To use SSL, a listener must be associated with a {Certificate}.

Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.

Constants

SERVER_ORDER_PREFERENCE_ENUM

Attributes

certificate_name[RW]

A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.

Example: `example_certificate_bundle`

@return [String]

cipher_suite_name[RW]

The name of the cipher suite to use for HTTPS or SSL connections.

If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.

Notes:

  • You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration.

  • You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates.

  • If the cipher configuration is not modified after load balancer creation, the `GET` operation returns `oci-default-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing listeners that predate this feature.

  • If the cipher configuration was modified using Oracle operations after load balancer creation, the `GET` operation returns `oci-customized-ssl-cipher-suite` as the value of this field in the SSL configuration for existing listeners that predate this feature.

  • The `GET` operation returns `oci-wider-compatible-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing backend sets that predate this feature.

  • If the `GET` operation on a listener returns `oci-customized-ssl-cipher-suite` as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource.

  • The `oci-customized-ssl-cipher-suite` Oracle reserved cipher suite name is not accepted as valid input for this field.

example: `example_cipher_suite`

@return [String]

protocols[RW]

A list of SSL protocols the load balancer must support for HTTPS or SSL connections.

The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.

The Load Balancing service supports the following protocols:

  • TLSv1

  • TLSv1.1

  • TLSv1.2

If this field is not specified, TLSv1.2 is the default.

Warning: All SSL listeners created on a given port must use the same set of SSL protocols.

Notes:

  • The handshake to establish an SSL connection fails if the client supports none of the specified protocols.

  • You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite.

  • For all existing load balancer listeners and backend sets that predate this feature, the `GET` operation displays a list of SSL protocols currently used by those resources.

example: `["TLSv1.1", "TLSv1.2"]`

@return [Array<String>]

server_order_preference[R]

When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.

Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This

field is ignored when the `SSLConfiguration` object is associated with a backend set.

@return [String]

verify_depth[RW]

[Required] The maximum depth for peer certificate chain verification.

Example: `3`

@return [Integer]

verify_peer_certificate[RW]

[Required] Whether the load balancer listener should verify peer certificates.

Example: `true`

@return [BOOLEAN]

Public Class Methods

attribute_map() click to toggle source

Attribute mapping from ruby-style variable name to JSON key.

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 112
def self.attribute_map
  {
    # rubocop:disable Style/SymbolLiteral
    'verify_depth': :'verifyDepth',
    'verify_peer_certificate': :'verifyPeerCertificate',
    'certificate_name': :'certificateName',
    'server_order_preference': :'serverOrderPreference',
    'cipher_suite_name': :'cipherSuiteName',
    'protocols': :'protocols'
    # rubocop:enable Style/SymbolLiteral
  }
end
new(attributes = {}) click to toggle source

Initializes the object @param [Hash] attributes Model attributes in the form of hash @option attributes [Integer] :verify_depth The value to assign to the {#verify_depth} property @option attributes [BOOLEAN] :verify_peer_certificate The value to assign to the {#verify_peer_certificate} property @option attributes [String] :certificate_name The value to assign to the {#certificate_name} property @option attributes [String] :server_order_preference The value to assign to the {#server_order_preference} property @option attributes [String] :cipher_suite_name The value to assign to the {#cipher_suite_name} property @option attributes [Array<String>] :protocols The value to assign to the {#protocols} property

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 151
def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  self.verify_depth = attributes[:'verifyDepth'] if attributes[:'verifyDepth']

  raise 'You cannot provide both :verifyDepth and :verify_depth' if attributes.key?(:'verifyDepth') && attributes.key?(:'verify_depth')

  self.verify_depth = attributes[:'verify_depth'] if attributes[:'verify_depth']

  self.verify_peer_certificate = attributes[:'verifyPeerCertificate'] unless attributes[:'verifyPeerCertificate'].nil?
  self.verify_peer_certificate = false if verify_peer_certificate.nil? && !attributes.key?(:'verifyPeerCertificate') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :verifyPeerCertificate and :verify_peer_certificate' if attributes.key?(:'verifyPeerCertificate') && attributes.key?(:'verify_peer_certificate')

  self.verify_peer_certificate = attributes[:'verify_peer_certificate'] unless attributes[:'verify_peer_certificate'].nil?
  self.verify_peer_certificate = false if verify_peer_certificate.nil? && !attributes.key?(:'verifyPeerCertificate') && !attributes.key?(:'verify_peer_certificate') # rubocop:disable Style/StringLiterals

  self.certificate_name = attributes[:'certificateName'] if attributes[:'certificateName']

  raise 'You cannot provide both :certificateName and :certificate_name' if attributes.key?(:'certificateName') && attributes.key?(:'certificate_name')

  self.certificate_name = attributes[:'certificate_name'] if attributes[:'certificate_name']

  self.server_order_preference = attributes[:'serverOrderPreference'] if attributes[:'serverOrderPreference']
  self.server_order_preference = "ENABLED" if server_order_preference.nil? && !attributes.key?(:'serverOrderPreference') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :serverOrderPreference and :server_order_preference' if attributes.key?(:'serverOrderPreference') && attributes.key?(:'server_order_preference')

  self.server_order_preference = attributes[:'server_order_preference'] if attributes[:'server_order_preference']
  self.server_order_preference = "ENABLED" if server_order_preference.nil? && !attributes.key?(:'serverOrderPreference') && !attributes.key?(:'server_order_preference') # rubocop:disable Style/StringLiterals

  self.cipher_suite_name = attributes[:'cipherSuiteName'] if attributes[:'cipherSuiteName']
  self.cipher_suite_name = "oci-default-ssl-cipher-suite-v1" if cipher_suite_name.nil? && !attributes.key?(:'cipherSuiteName') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :cipherSuiteName and :cipher_suite_name' if attributes.key?(:'cipherSuiteName') && attributes.key?(:'cipher_suite_name')

  self.cipher_suite_name = attributes[:'cipher_suite_name'] if attributes[:'cipher_suite_name']
  self.cipher_suite_name = "oci-default-ssl-cipher-suite-v1" if cipher_suite_name.nil? && !attributes.key?(:'cipherSuiteName') && !attributes.key?(:'cipher_suite_name') # rubocop:disable Style/StringLiterals

  self.protocols = attributes[:'protocols'] if attributes[:'protocols']
end
swagger_types() click to toggle source

Attribute type mapping.

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 126
def self.swagger_types
  {
    # rubocop:disable Style/SymbolLiteral
    'verify_depth': :'Integer',
    'verify_peer_certificate': :'BOOLEAN',
    'certificate_name': :'String',
    'server_order_preference': :'String',
    'cipher_suite_name': :'String',
    'protocols': :'Array<String>'
    # rubocop:enable Style/SymbolLiteral
  }
end

Public Instance Methods

==(other) click to toggle source

Checks equality by comparing each attribute. @param [Object] other the other object to be compared

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 216
def ==(other)
  return true if equal?(other)

  self.class == other.class &&
    verify_depth == other.verify_depth &&
    verify_peer_certificate == other.verify_peer_certificate &&
    certificate_name == other.certificate_name &&
    server_order_preference == other.server_order_preference &&
    cipher_suite_name == other.cipher_suite_name &&
    protocols == other.protocols
end
build_from_hash(attributes) click to toggle source

Builds the object from hash @param [Hash] attributes Model attributes in the form of hash @return [Object] Returns the model itself

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 251
def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  self.class.swagger_types.each_pair do |key, type|
    if type =~ /^Array<(.*)>/i
      # check to ensure the input is an array given that the the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        public_method("#{key}=").call(
          attributes[self.class.attribute_map[key]]
            .map { |v| OCI::Internal::Util.convert_to_type(Regexp.last_match(1), v) }
        )
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      public_method("#{key}=").call(
        OCI::Internal::Util.convert_to_type(type, attributes[self.class.attribute_map[key]])
      )
    end
    # or else data not found in attributes(hash), not an issue as the data can be optional
  end

  self
end
eql?(other) click to toggle source

@see the `==` method @param [Object] other the other object to be compared

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 231
def eql?(other)
  self == other
end
hash() click to toggle source

Calculates hash code according to all attributes. @return [Fixnum] Hash code

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 240
def hash
  [verify_depth, verify_peer_certificate, certificate_name, server_order_preference, cipher_suite_name, protocols].hash
end
server_order_preference=(server_order_preference) click to toggle source

Custom attribute writer method checking allowed values (enum). @param [Object] server_order_preference Object to be assigned

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 200
def server_order_preference=(server_order_preference)
  # rubocop:disable Style/ConditionalAssignment
  if server_order_preference && !SERVER_ORDER_PREFERENCE_ENUM.include?(server_order_preference)
    OCI.logger.debug("Unknown value for 'server_order_preference' [" + server_order_preference + "]. Mapping to 'SERVER_ORDER_PREFERENCE_UNKNOWN_ENUM_VALUE'") if OCI.logger
    @server_order_preference = SERVER_ORDER_PREFERENCE_UNKNOWN_ENUM_VALUE
  else
    @server_order_preference = server_order_preference
  end
  # rubocop:enable Style/ConditionalAssignment
end
to_hash() click to toggle source

Returns the object in the form of hash @return [Hash] Returns the object in the form of hash

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 284
def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = public_method(attr).call
    next if value.nil? && !instance_variable_defined?("@#{attr}")

    hash[param] = _to_hash(value)
  end
  hash
end
to_s() click to toggle source

Returns the string representation of the object @return [String] String presentation of the object

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 278
def to_s
  to_hash.to_s
end

Private Instance Methods

_to_hash(value) click to toggle source

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value @param [Object] value Any valid value @return [Hash] Returns the value in the form of hash

# File lib/oci/load_balancer/models/ssl_configuration.rb, line 301
def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end