-
Notifications
You must be signed in to change notification settings - Fork 2
/
model_ssl_info.go
30 lines (28 loc) · 3.83 KB
/
model_ssl_info.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
/*
* Virtual hosts API
*
* Manage virtual hosts. Virtual hosts let multiple domain names connect to the same host. A virtual host on Edge defines the domains and ports on which an API proxy is exposed, and, by extension, the URL that apps use to access an API proxy. A virtual host also defines whether the API proxy is accessed by using the HTTP protocol, or by the encrypted HTTPS protocol.
*
* API version: 1.0
* Generated by: OpenAPI Generator (https://openapi-generator.tech)
*/
package models
// SslInfo SSL information.
type SslInfo struct {
// **Edge for Private Cloud version 4.15.07 and earlier only.** Specifies the ciphers supported by the virtual host. If no ciphers are specified, then all ciphers available for the JVM will be permitted. To restrict ciphers, add the following elements: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` and `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`
Ciphers []string `json:"ciphers,omitempty"`
// Flag that specifies whether to enable two-way, or client, TLS between Edge (server) and the app (client) making the request. Enabling two-way TLS requires that you set up a truststore on Edge that contains the cert from the TLS client.
ClientAuthEnabled string `json:"clientAuthEnabled,omitempty"`
// Flag that specifies whether to enable one-way TLS/SSL. You must have defined a keystore containing the cert and private key. **For Edge for Public Cloud**: * You must have a cert signed by a trusted entity, such as Symantec or VeriSign. You cannot use a self-signed cert, or leaf certificates signed by a self-signed CA. * If your existing virtual host is configured to use a port other than `443`, you cannot change the TLS setting. That means you cannot change the TLS setting from enabled to disabled, or from disabled to enabled.
Enabled string `json:"enabled,omitempty"`
// Flag that specifies whether to ignore TLS certificate errors. This is similar to the `-k` option to curl. This option is valid when configuring TLS for Target Servers and Target Endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails.
IgnoreValidationErrors bool `json:"ignoreValidationErrors,omitempty"`
// Alias specified when you uploaded the cert and private key to the keystore. You must specify the alias name literally; you cannot use a reference. See <a href=\"https://docs.apigee.com/api-platform/system-administration/options-configuring-tls\">Options for configuring TLS</a> for more.
KeyAlias string `json:"keyAlias,omitempty"`
// Name of the keystore on Edge. Apigee recommends that you use a reference to specify the keystore name so that you can change the keystore without having to restart Routers. See <a href=\"https://docs.apigee.com/api-platform/system-administration/options-configuring-tls\">Options for configuring TLS</a> for more.
KeyStore string `json:"keyStore,omitempty"`
// **Edge for Private Cloud version 4.15.07 and earlier only.** Specifies the protocols supported by the virtual host. If no protocols are specified, then all protocols available for the JVM will be permitted. To restrict protocols, add the following elements: `TLSv1`, `TLSv1.2`, and `SSLv2Hello`
Protocols []string `json:"protocols,omitempty"`
// Name of the truststore on Edge that contains the certificate or certificate chain used for two-way TLS. Required if `clientAuthEnabled` is `true`. Apigee recommends that you use a reference to specify the truststore name so that you can change the truststore without having to restart Routers. See <a href=\"https://docs.apigee.com/api-platform/system-administration/options-configuring-tls\">Options for configuring TLS</a> for more.
TrustStore string `json:"trustStore,omitempty"`
}