SSLConfigurationDetails

class oci.load_balancer.models.SSLConfigurationDetails(**kwargs)

Bases: object

The load balancer’s SSL handling configuration details.

Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.

Attributes

SERVER_ORDER_PREFERENCE_DISABLED A constant which can be used with the server_order_preference property of a SSLConfigurationDetails.
SERVER_ORDER_PREFERENCE_ENABLED A constant which can be used with the server_order_preference property of a SSLConfigurationDetails.
certificate_name Gets the certificate_name of this SSLConfigurationDetails.
cipher_suite_name Gets the cipher_suite_name of this SSLConfigurationDetails.
protocols Gets the protocols of this SSLConfigurationDetails.
server_order_preference Gets the server_order_preference of this SSLConfigurationDetails.
verify_depth Gets the verify_depth of this SSLConfigurationDetails.
verify_peer_certificate Gets the verify_peer_certificate of this SSLConfigurationDetails.

Methods

__init__(**kwargs) Initializes a new SSLConfigurationDetails object with values from keyword arguments.
SERVER_ORDER_PREFERENCE_DISABLED = 'DISABLED'

A constant which can be used with the server_order_preference property of a SSLConfigurationDetails. This constant has a value of “DISABLED”

SERVER_ORDER_PREFERENCE_ENABLED = 'ENABLED'

A constant which can be used with the server_order_preference property of a SSLConfigurationDetails. This constant has a value of “ENABLED”

__init__(**kwargs)

Initializes a new SSLConfigurationDetails object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:
  • verify_depth (int) – The value to assign to the verify_depth property of this SSLConfigurationDetails.
  • verify_peer_certificate (bool) – The value to assign to the verify_peer_certificate property of this SSLConfigurationDetails.
  • certificate_name (str) – The value to assign to the certificate_name property of this SSLConfigurationDetails.
  • protocols (list[str]) – The value to assign to the protocols property of this SSLConfigurationDetails.
  • cipher_suite_name (str) – The value to assign to the cipher_suite_name property of this SSLConfigurationDetails.
  • server_order_preference (str) – The value to assign to the server_order_preference property of this SSLConfigurationDetails. Allowed values for this property are: “ENABLED”, “DISABLED”
certificate_name

Gets the certificate_name of this SSLConfigurationDetails. A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.

Example: example_certificate_bundle

Returns:The certificate_name of this SSLConfigurationDetails.
Return type:str
cipher_suite_name

Gets the cipher_suite_name of this SSLConfigurationDetails. The name of the cipher suite to use for HTTPS or SSL connections.

If this field is not specified, the default is oci-default-ssl-cipher-suite-v1.

Notes:

  • You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration.
  • You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates.
  • If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature.
  • If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature.
  • The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature.
  • If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource.
  • The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field.

example: example_cipher_suite

Returns:The cipher_suite_name of this SSLConfigurationDetails.
Return type:str
protocols

Gets the protocols of this SSLConfigurationDetails. A list of SSL protocols the load balancer must support for HTTPS or SSL connections.

The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.

The Load Balancing service supports the following protocols:

  • TLSv1
  • TLSv1.1
  • TLSv1.2

If this field is not specified, TLSv1.2 is the default.

Warning: All SSL listeners created on a given port must use the same set of SSL protocols.

Notes:

  • The handshake to establish an SSL connection fails if the client supports none of the specified protocols.
  • You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite.
  • For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources.

example: [“TLSv1.1”, “TLSv1.2”]

Returns:The protocols of this SSLConfigurationDetails.
Return type:list[str]
server_order_preference

Gets the server_order_preference of this SSLConfigurationDetails. When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.

Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This
field is ignored when the SSLConfiguration object is associated with a backend set.

Allowed values for this property are: “ENABLED”, “DISABLED”

Returns:The server_order_preference of this SSLConfigurationDetails.
Return type:str
verify_depth

Gets the verify_depth of this SSLConfigurationDetails. The maximum depth for peer certificate chain verification.

Example: 3

Returns:The verify_depth of this SSLConfigurationDetails.
Return type:int
verify_peer_certificate

Gets the verify_peer_certificate of this SSLConfigurationDetails. Whether the load balancer listener should verify peer certificates.

Example: true

Returns:The verify_peer_certificate of this SSLConfigurationDetails.
Return type:bool