Class DownstreamTlsContext.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, DownstreamTlsContextOrBuilder, java.lang.Cloneable
    Enclosing class:
    DownstreamTlsContext

    public static final class DownstreamTlsContext.Builder
    extends com.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
    implements DownstreamTlsContextOrBuilder
     [#next-free-field: 11]
     
    Protobuf type envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
    • Field Detail

      • sessionTicketKeysTypeCase_

        private int sessionTicketKeysTypeCase_
      • sessionTicketKeysType_

        private java.lang.Object sessionTicketKeysType_
      • bitField0_

        private int bitField0_
      • requireClientCertificate_

        private com.google.protobuf.BoolValue requireClientCertificate_
      • requireClientCertificateBuilder_

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> requireClientCertificateBuilder_
      • requireSni_

        private com.google.protobuf.BoolValue requireSni_
      • requireSniBuilder_

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> requireSniBuilder_
      • disableStatefulSessionResumption_

        private boolean disableStatefulSessionResumption_
      • sessionTimeout_

        private com.google.protobuf.Duration sessionTimeout_
      • sessionTimeoutBuilder_

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.Duration,​com.google.protobuf.Duration.Builder,​com.google.protobuf.DurationOrBuilder> sessionTimeoutBuilder_
      • ocspStaplePolicy_

        private int ocspStaplePolicy_
      • fullScanCertsOnSniMismatch_

        private com.google.protobuf.BoolValue fullScanCertsOnSniMismatch_
      • fullScanCertsOnSniMismatchBuilder_

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> fullScanCertsOnSniMismatchBuilder_
    • Constructor Detail

      • Builder

        private Builder()
      • Builder

        private Builder​(com.google.protobuf.AbstractMessage.BuilderParent parent)
    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
      • maybeForceBuilderInitialization

        private void maybeForceBuilderInitialization()
      • clear

        public DownstreamTlsContext.Builder clear()
        Specified by:
        clear in interface com.google.protobuf.Message.Builder
        Specified by:
        clear in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clear in class com.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
      • getDefaultInstanceForType

        public DownstreamTlsContext getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder
      • build

        public DownstreamTlsContext build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder
      • buildPartial

        public DownstreamTlsContext buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder
      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
      • mergeFrom

        public DownstreamTlsContext.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                               throws java.io.IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<DownstreamTlsContext.Builder>
        Throws:
        java.io.IOException
      • hasCommonTlsContext

        public boolean hasCommonTlsContext()
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Specified by:
        hasCommonTlsContext in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the commonTlsContext field is set.
      • setCommonTlsContext

        public DownstreamTlsContext.Builder setCommonTlsContext​(CommonTlsContext value)
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      • mergeCommonTlsContext

        public DownstreamTlsContext.Builder mergeCommonTlsContext​(CommonTlsContext value)
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      • clearCommonTlsContext

        public DownstreamTlsContext.Builder clearCommonTlsContext()
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      • getCommonTlsContextBuilder

        public CommonTlsContext.Builder getCommonTlsContextBuilder()
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      • hasRequireClientCertificate

        public boolean hasRequireClientCertificate()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
        Specified by:
        hasRequireClientCertificate in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the requireClientCertificate field is set.
      • getRequireClientCertificate

        public com.google.protobuf.BoolValue getRequireClientCertificate()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
        Specified by:
        getRequireClientCertificate in interface DownstreamTlsContextOrBuilder
        Returns:
        The requireClientCertificate.
      • setRequireClientCertificate

        public DownstreamTlsContext.Builder setRequireClientCertificate​(com.google.protobuf.BoolValue value)
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
      • setRequireClientCertificate

        public DownstreamTlsContext.Builder setRequireClientCertificate​(com.google.protobuf.BoolValue.Builder builderForValue)
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
      • mergeRequireClientCertificate

        public DownstreamTlsContext.Builder mergeRequireClientCertificate​(com.google.protobuf.BoolValue value)
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
      • clearRequireClientCertificate

        public DownstreamTlsContext.Builder clearRequireClientCertificate()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
      • getRequireClientCertificateBuilder

        public com.google.protobuf.BoolValue.Builder getRequireClientCertificateBuilder()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
      • getRequireClientCertificateOrBuilder

        public com.google.protobuf.BoolValueOrBuilder getRequireClientCertificateOrBuilder()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
        Specified by:
        getRequireClientCertificateOrBuilder in interface DownstreamTlsContextOrBuilder
      • getRequireClientCertificateFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> getRequireClientCertificateFieldBuilder()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
      • hasRequireSni

        public boolean hasRequireSni()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
        Specified by:
        hasRequireSni in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the requireSni field is set.
      • getRequireSni

        public com.google.protobuf.BoolValue getRequireSni()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
        Specified by:
        getRequireSni in interface DownstreamTlsContextOrBuilder
        Returns:
        The requireSni.
      • setRequireSni

        public DownstreamTlsContext.Builder setRequireSni​(com.google.protobuf.BoolValue value)
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
      • setRequireSni

        public DownstreamTlsContext.Builder setRequireSni​(com.google.protobuf.BoolValue.Builder builderForValue)
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
      • mergeRequireSni

        public DownstreamTlsContext.Builder mergeRequireSni​(com.google.protobuf.BoolValue value)
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
      • clearRequireSni

        public DownstreamTlsContext.Builder clearRequireSni()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
      • getRequireSniBuilder

        public com.google.protobuf.BoolValue.Builder getRequireSniBuilder()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
      • getRequireSniOrBuilder

        public com.google.protobuf.BoolValueOrBuilder getRequireSniOrBuilder()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
        Specified by:
        getRequireSniOrBuilder in interface DownstreamTlsContextOrBuilder
      • getRequireSniFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> getRequireSniFieldBuilder()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
      • hasSessionTicketKeys

        public boolean hasSessionTicketKeys()
         TLS session ticket key settings.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
        Specified by:
        hasSessionTicketKeys in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the sessionTicketKeys field is set.
      • clearSessionTicketKeys

        public DownstreamTlsContext.Builder clearSessionTicketKeys()
         TLS session ticket key settings.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      • getSessionTicketKeysBuilder

        public TlsSessionTicketKeys.Builder getSessionTicketKeysBuilder()
         TLS session ticket key settings.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      • hasSessionTicketKeysSdsSecretConfig

        public boolean hasSessionTicketKeysSdsSecretConfig()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
        Specified by:
        hasSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the sessionTicketKeysSdsSecretConfig field is set.
      • getSessionTicketKeysSdsSecretConfig

        public SdsSecretConfig getSessionTicketKeysSdsSecretConfig()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
        Specified by:
        getSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
        Returns:
        The sessionTicketKeysSdsSecretConfig.
      • setSessionTicketKeysSdsSecretConfig

        public DownstreamTlsContext.Builder setSessionTicketKeysSdsSecretConfig​(SdsSecretConfig value)
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      • setSessionTicketKeysSdsSecretConfig

        public DownstreamTlsContext.Builder setSessionTicketKeysSdsSecretConfig​(SdsSecretConfig.Builder builderForValue)
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      • mergeSessionTicketKeysSdsSecretConfig

        public DownstreamTlsContext.Builder mergeSessionTicketKeysSdsSecretConfig​(SdsSecretConfig value)
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      • clearSessionTicketKeysSdsSecretConfig

        public DownstreamTlsContext.Builder clearSessionTicketKeysSdsSecretConfig()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      • getSessionTicketKeysSdsSecretConfigBuilder

        public SdsSecretConfig.Builder getSessionTicketKeysSdsSecretConfigBuilder()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      • getSessionTicketKeysSdsSecretConfigFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<SdsSecretConfig,​SdsSecretConfig.Builder,​SdsSecretConfigOrBuilder> getSessionTicketKeysSdsSecretConfigFieldBuilder()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      • hasDisableStatelessSessionResumption

        public boolean hasDisableStatelessSessionResumption()
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
         server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
         If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
         the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
         or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
         If this config is set to false and no keys are explicitly configured, the TLS server will issue
         TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
         implication that sessions cannot be resumed across hot restarts or on different hosts.
         
        bool disable_stateless_session_resumption = 7;
        Specified by:
        hasDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the disableStatelessSessionResumption field is set.
      • getDisableStatelessSessionResumption

        public boolean getDisableStatelessSessionResumption()
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
         server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
         If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
         the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
         or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
         If this config is set to false and no keys are explicitly configured, the TLS server will issue
         TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
         implication that sessions cannot be resumed across hot restarts or on different hosts.
         
        bool disable_stateless_session_resumption = 7;
        Specified by:
        getDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
        Returns:
        The disableStatelessSessionResumption.
      • setDisableStatelessSessionResumption

        public DownstreamTlsContext.Builder setDisableStatelessSessionResumption​(boolean value)
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
         server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
         If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
         the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
         or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
         If this config is set to false and no keys are explicitly configured, the TLS server will issue
         TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
         implication that sessions cannot be resumed across hot restarts or on different hosts.
         
        bool disable_stateless_session_resumption = 7;
        Parameters:
        value - The disableStatelessSessionResumption to set.
        Returns:
        This builder for chaining.
      • clearDisableStatelessSessionResumption

        public DownstreamTlsContext.Builder clearDisableStatelessSessionResumption()
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
         server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
         If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
         the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
         or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
         If this config is set to false and no keys are explicitly configured, the TLS server will issue
         TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
         implication that sessions cannot be resumed across hot restarts or on different hosts.
         
        bool disable_stateless_session_resumption = 7;
        Returns:
        This builder for chaining.
      • getDisableStatefulSessionResumption

        public boolean getDisableStatefulSessionResumption()
         If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is
         relevant only for TLSv1.2 and earlier.)
         
        bool disable_stateful_session_resumption = 10;
        Specified by:
        getDisableStatefulSessionResumption in interface DownstreamTlsContextOrBuilder
        Returns:
        The disableStatefulSessionResumption.
      • setDisableStatefulSessionResumption

        public DownstreamTlsContext.Builder setDisableStatefulSessionResumption​(boolean value)
         If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is
         relevant only for TLSv1.2 and earlier.)
         
        bool disable_stateful_session_resumption = 10;
        Parameters:
        value - The disableStatefulSessionResumption to set.
        Returns:
        This builder for chaining.
      • clearDisableStatefulSessionResumption

        public DownstreamTlsContext.Builder clearDisableStatefulSessionResumption()
         If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is
         relevant only for TLSv1.2 and earlier.)
         
        bool disable_stateful_session_resumption = 10;
        Returns:
        This builder for chaining.
      • hasSessionTimeout

        public boolean hasSessionTimeout()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Specified by:
        hasSessionTimeout in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the sessionTimeout field is set.
      • getSessionTimeout

        public com.google.protobuf.Duration getSessionTimeout()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Specified by:
        getSessionTimeout in interface DownstreamTlsContextOrBuilder
        Returns:
        The sessionTimeout.
      • setSessionTimeout

        public DownstreamTlsContext.Builder setSessionTimeout​(com.google.protobuf.Duration value)
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      • setSessionTimeout

        public DownstreamTlsContext.Builder setSessionTimeout​(com.google.protobuf.Duration.Builder builderForValue)
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      • mergeSessionTimeout

        public DownstreamTlsContext.Builder mergeSessionTimeout​(com.google.protobuf.Duration value)
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      • clearSessionTimeout

        public DownstreamTlsContext.Builder clearSessionTimeout()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      • getSessionTimeoutBuilder

        public com.google.protobuf.Duration.Builder getSessionTimeoutBuilder()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      • getSessionTimeoutOrBuilder

        public com.google.protobuf.DurationOrBuilder getSessionTimeoutOrBuilder()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Specified by:
        getSessionTimeoutOrBuilder in interface DownstreamTlsContextOrBuilder
      • getSessionTimeoutFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.Duration,​com.google.protobuf.Duration.Builder,​com.google.protobuf.DurationOrBuilder> getSessionTimeoutFieldBuilder()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      • getOcspStaplePolicyValue

        public int getOcspStaplePolicyValue()
         Config for whether to use certificates if they do not have
         an accompanying OCSP response or if the response expires at runtime.
         Defaults to LENIENT_STAPLING
         
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Specified by:
        getOcspStaplePolicyValue in interface DownstreamTlsContextOrBuilder
        Returns:
        The enum numeric value on the wire for ocspStaplePolicy.
      • setOcspStaplePolicyValue

        public DownstreamTlsContext.Builder setOcspStaplePolicyValue​(int value)
         Config for whether to use certificates if they do not have
         an accompanying OCSP response or if the response expires at runtime.
         Defaults to LENIENT_STAPLING
         
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Parameters:
        value - The enum numeric value on the wire for ocspStaplePolicy to set.
        Returns:
        This builder for chaining.
      • getOcspStaplePolicy

        public DownstreamTlsContext.OcspStaplePolicy getOcspStaplePolicy()
         Config for whether to use certificates if they do not have
         an accompanying OCSP response or if the response expires at runtime.
         Defaults to LENIENT_STAPLING
         
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Specified by:
        getOcspStaplePolicy in interface DownstreamTlsContextOrBuilder
        Returns:
        The ocspStaplePolicy.
      • setOcspStaplePolicy

        public DownstreamTlsContext.Builder setOcspStaplePolicy​(DownstreamTlsContext.OcspStaplePolicy value)
         Config for whether to use certificates if they do not have
         an accompanying OCSP response or if the response expires at runtime.
         Defaults to LENIENT_STAPLING
         
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Parameters:
        value - The ocspStaplePolicy to set.
        Returns:
        This builder for chaining.
      • clearOcspStaplePolicy

        public DownstreamTlsContext.Builder clearOcspStaplePolicy()
         Config for whether to use certificates if they do not have
         an accompanying OCSP response or if the response expires at runtime.
         Defaults to LENIENT_STAPLING
         
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Returns:
        This builder for chaining.
      • hasFullScanCertsOnSniMismatch

        public boolean hasFullScanCertsOnSniMismatch()
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
        Specified by:
        hasFullScanCertsOnSniMismatch in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the fullScanCertsOnSniMismatch field is set.
      • getFullScanCertsOnSniMismatch

        public com.google.protobuf.BoolValue getFullScanCertsOnSniMismatch()
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
        Specified by:
        getFullScanCertsOnSniMismatch in interface DownstreamTlsContextOrBuilder
        Returns:
        The fullScanCertsOnSniMismatch.
      • setFullScanCertsOnSniMismatch

        public DownstreamTlsContext.Builder setFullScanCertsOnSniMismatch​(com.google.protobuf.BoolValue value)
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      • setFullScanCertsOnSniMismatch

        public DownstreamTlsContext.Builder setFullScanCertsOnSniMismatch​(com.google.protobuf.BoolValue.Builder builderForValue)
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      • mergeFullScanCertsOnSniMismatch

        public DownstreamTlsContext.Builder mergeFullScanCertsOnSniMismatch​(com.google.protobuf.BoolValue value)
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      • clearFullScanCertsOnSniMismatch

        public DownstreamTlsContext.Builder clearFullScanCertsOnSniMismatch()
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      • getFullScanCertsOnSniMismatchBuilder

        public com.google.protobuf.BoolValue.Builder getFullScanCertsOnSniMismatchBuilder()
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      • getFullScanCertsOnSniMismatchOrBuilder

        public com.google.protobuf.BoolValueOrBuilder getFullScanCertsOnSniMismatchOrBuilder()
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
        Specified by:
        getFullScanCertsOnSniMismatchOrBuilder in interface DownstreamTlsContextOrBuilder
      • getFullScanCertsOnSniMismatchFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> getFullScanCertsOnSniMismatchFieldBuilder()
         Multiple certificates are allowed in Downstream transport socket to serve different SNI.
         If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;