Interface TlsParametersOrBuilder
- All Superinterfaces: com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
- All Known Implementing Classes: TlsParameters, TlsParameters.Builder
public interface TlsParametersOrBuilder extends com.google.protobuf.MessageOrBuilder
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| java.lang.String | getCipherSuites(int index) | If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). |
| com.google.protobuf.ByteString | getCipherSuitesBytes(int index) | If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). |
| int | getCipherSuitesCount() | If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). |
| java.util.List<java.lang.String> | getCipherSuitesList() | If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). |
| java.lang.String | getEcdhCurves(int index) | If specified, the TLS connection will only support the specified ECDH curves. |
| com.google.protobuf.ByteString | getEcdhCurvesBytes(int index) | If specified, the TLS connection will only support the specified ECDH curves. |
| int | getEcdhCurvesCount() | If specified, the TLS connection will only support the specified ECDH curves. |
| java.util.List<java.lang.String> | getEcdhCurvesList() | If specified, the TLS connection will only support the specified ECDH curves. |
| java.lang.String | getSignatureAlgorithms(int index) | If specified, the TLS connection will only support the specified signature algorithms. |
| com.google.protobuf.ByteString | getSignatureAlgorithmsBytes(int index) | If specified, the TLS connection will only support the specified signature algorithms. |
| int | getSignatureAlgorithmsCount() | If specified, the TLS connection will only support the specified signature algorithms. |
| java.util.List<java.lang.String> | getSignatureAlgorithmsList() | If specified, the TLS connection will only support the specified signature algorithms. |
| TlsParameters.TlsProtocol | getTlsMaximumProtocolVersion() | Maximum TLS protocol version. |
| int | getTlsMaximumProtocolVersionValue() | Maximum TLS protocol version. |
| TlsParameters.TlsProtocol | getTlsMinimumProtocolVersion() | Minimum TLS protocol version. |
| int | getTlsMinimumProtocolVersionValue() | Minimum TLS protocol version. |

Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
Method Detail
-
getTlsMinimumProtocolVersionValue
int getTlsMinimumProtocolVersionValue()
Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. TLS protocol versions below TLSv1_2 require setting compatible ciphers with the ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

.. attention::

  Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.

.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
- Returns:
- The enum numeric value on the wire for tlsMinimumProtocolVersion.
-
getTlsMinimumProtocolVersion
TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. TLS protocol versions below TLSv1_2 require setting compatible ciphers with the ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

.. attention::

  Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.

.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
- Returns:
- The tlsMinimumProtocolVersion.
-
getTlsMaximumProtocolVersionValue
int getTlsMaximumProtocolVersionValue()
Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for servers.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
- Returns:
- The enum numeric value on the wire for tlsMaximumProtocolVersion.
-
getTlsMaximumProtocolVersion
TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for servers.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
- Returns:
- The tlsMaximumProtocolVersion.
-
getCipherSuitesList
java.util.List<java.lang.String> getCipherSuitesList()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; if you care, configure it instead of using the default.

In non-FIPS builds, the default server cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In non-FIPS builds, the default client cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

repeated string cipher_suites = 3;
- Returns:
- A list containing the cipherSuites.
-
getCipherSuitesCount
int getCipherSuitesCount()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; if you care, configure it instead of using the default.

In non-FIPS builds, the default server cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In non-FIPS builds, the default client cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

repeated string cipher_suites = 3;
- Returns:
- The count of cipherSuites.
-
getCipherSuites
java.lang.String getCipherSuites(int index)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; if you care, configure it instead of using the default.

In non-FIPS builds, the default server cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In non-FIPS builds, the default client cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

repeated string cipher_suites = 3;
- Parameters:
index - The index of the element to return.
- Returns:
- The cipherSuites at the given index.
-
getCipherSuitesBytes
com.google.protobuf.ByteString getCipherSuitesBytes(int index)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; if you care, configure it instead of using the default.

In non-FIPS builds, the default server cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In non-FIPS builds, the default client cipher list is:

.. code-block:: none

  [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

.. code-block:: none

  ECDHE-ECDSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384

repeated string cipher_suites = 3;
- Parameters:
index - The index of the value to return.
- Returns:
- The bytes of the cipherSuites at the given index.
-
getEcdhCurvesList
java.util.List<java.lang.String> getEcdhCurvesList()
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used.

In non-FIPS builds, the default curves are:

.. code-block:: none

  X25519
  P-256

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

.. code-block:: none

  P-256

repeated string ecdh_curves = 4;
- Returns:
- A list containing the ecdhCurves.
-
getEcdhCurvesCount
int getEcdhCurvesCount()
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used.

In non-FIPS builds, the default curves are:

.. code-block:: none

  X25519
  P-256

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

.. code-block:: none

  P-256

repeated string ecdh_curves = 4;
- Returns:
- The count of ecdhCurves.
-
getEcdhCurves
java.lang.String getEcdhCurves(int index)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used.

In non-FIPS builds, the default curves are:

.. code-block:: none

  X25519
  P-256

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

.. code-block:: none

  P-256

repeated string ecdh_curves = 4;
- Parameters:
index - The index of the element to return.
- Returns:
- The ecdhCurves at the given index.
-
getEcdhCurvesBytes
com.google.protobuf.ByteString getEcdhCurvesBytes(int index)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used.

In non-FIPS builds, the default curves are:

.. code-block:: none

  X25519
  P-256

In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

.. code-block:: none

  P-256

repeated string ecdh_curves = 4;
- Parameters:
index - The index of the value to return.
- Returns:
- The bytes of the ecdhCurves at the given index.
-
getSignatureAlgorithmsList
java.util.List<java.lang.String> getSignatureAlgorithmsList()
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used.

Default signature algorithms selected by BoringSSL (may be out of date):

.. code-block:: none

  ecdsa_secp256r1_sha256
  rsa_pss_rsae_sha256
  rsa_pkcs1_sha256
  ecdsa_secp384r1_sha384
  rsa_pss_rsae_sha384
  rsa_pkcs1_sha384
  rsa_pss_rsae_sha512
  rsa_pkcs1_sha512
  rsa_pkcs1_sha1

Signature algorithms supported by BoringSSL (may be out of date):

.. code-block:: none

  rsa_pkcs1_sha256
  rsa_pkcs1_sha384
  rsa_pkcs1_sha512
  ecdsa_secp256r1_sha256
  ecdsa_secp384r1_sha384
  ecdsa_secp521r1_sha512
  rsa_pss_rsae_sha256
  rsa_pss_rsae_sha384
  rsa_pss_rsae_sha512
  ed25519
  rsa_pkcs1_sha1
  ecdsa_sha1

repeated string signature_algorithms = 5;
- Returns:
- A list containing the signatureAlgorithms.
-
getSignatureAlgorithmsCount
int getSignatureAlgorithmsCount()
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used.

Default signature algorithms selected by BoringSSL (may be out of date):

.. code-block:: none

  ecdsa_secp256r1_sha256
  rsa_pss_rsae_sha256
  rsa_pkcs1_sha256
  ecdsa_secp384r1_sha384
  rsa_pss_rsae_sha384
  rsa_pkcs1_sha384
  rsa_pss_rsae_sha512
  rsa_pkcs1_sha512
  rsa_pkcs1_sha1

Signature algorithms supported by BoringSSL (may be out of date):

.. code-block:: none

  rsa_pkcs1_sha256
  rsa_pkcs1_sha384
  rsa_pkcs1_sha512
  ecdsa_secp256r1_sha256
  ecdsa_secp384r1_sha384
  ecdsa_secp521r1_sha512
  rsa_pss_rsae_sha256
  rsa_pss_rsae_sha384
  rsa_pss_rsae_sha512
  ed25519
  rsa_pkcs1_sha1
  ecdsa_sha1

repeated string signature_algorithms = 5;
- Returns:
- The count of signatureAlgorithms.
-
getSignatureAlgorithms
java.lang.String getSignatureAlgorithms(int index)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used.

Default signature algorithms selected by BoringSSL (may be out of date):

.. code-block:: none

  ecdsa_secp256r1_sha256
  rsa_pss_rsae_sha256
  rsa_pkcs1_sha256
  ecdsa_secp384r1_sha384
  rsa_pss_rsae_sha384
  rsa_pkcs1_sha384
  rsa_pss_rsae_sha512
  rsa_pkcs1_sha512
  rsa_pkcs1_sha1

Signature algorithms supported by BoringSSL (may be out of date):

.. code-block:: none

  rsa_pkcs1_sha256
  rsa_pkcs1_sha384
  rsa_pkcs1_sha512
  ecdsa_secp256r1_sha256
  ecdsa_secp384r1_sha384
  ecdsa_secp521r1_sha512
  rsa_pss_rsae_sha256
  rsa_pss_rsae_sha384
  rsa_pss_rsae_sha512
  ed25519
  rsa_pkcs1_sha1
  ecdsa_sha1

repeated string signature_algorithms = 5;
- Parameters:
index - The index of the element to return.
- Returns:
- The signatureAlgorithms at the given index.
-
getSignatureAlgorithmsBytes
com.google.protobuf.ByteString getSignatureAlgorithmsBytes(int index)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used.

Default signature algorithms selected by BoringSSL (may be out of date):

.. code-block:: none

  ecdsa_secp256r1_sha256
  rsa_pss_rsae_sha256
  rsa_pkcs1_sha256
  ecdsa_secp384r1_sha384
  rsa_pss_rsae_sha384
  rsa_pkcs1_sha384
  rsa_pss_rsae_sha512
  rsa_pkcs1_sha512
  rsa_pkcs1_sha1

Signature algorithms supported by BoringSSL (may be out of date):

.. code-block:: none

  rsa_pkcs1_sha256
  rsa_pkcs1_sha384
  rsa_pkcs1_sha512
  ecdsa_secp256r1_sha256
  ecdsa_secp384r1_sha384
  ecdsa_secp521r1_sha512
  rsa_pss_rsae_sha256
  rsa_pss_rsae_sha384
  rsa_pss_rsae_sha512
  ed25519
  rsa_pkcs1_sha1
  ecdsa_sha1

repeated string signature_algorithms = 5;
- Parameters:
index - The index of the value to return.
- Returns:
- The bytes of the signatureAlgorithms at the given index.
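
The getters documented above are enough to lint a TLS policy before it is pushed to Envoy. The following is an added example, not generated Envoy code or part of this Javadoc: ``TlsParametersAudit`` and its finding strings are hypothetical, and it assumes the Envoy Java API classes and protobuf-java are on the classpath. The ``TLS_AUTO``, ``TLSv1_0`` and ``TLSv1_1`` constants belong to the ``TlsProtocol`` enum, which this page does not list.

```java
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParameters;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParametersOrBuilder;
import java.util.ArrayList;
import java.util.List;

/** Added example; TlsParametersAudit is a hypothetical helper, not part of the Envoy API. */
public final class TlsParametersAudit {

  /** Returns one finding per setting that weakens or under-specifies the TLS policy. */
  static List<String> audit(TlsParametersOrBuilder p) {
    List<String> findings = new ArrayList<>();
    TlsProtocol min = p.getTlsMinimumProtocolVersion();
    TlsProtocol max = p.getTlsMaximumProtocolVersion();

    // The documented default minimum is TLSv1_2; a lower value is an explicit downgrade.
    if (min == TlsProtocol.TLSv1_0 || min == TlsProtocol.TLSv1_1) {
      findings.add("tls_minimum_protocol_version " + min + " is below TLSv1_2");
    }
    // TLS_AUTO (unset) means "use the default", so only compare two explicit bounds.
    if (min != TlsProtocol.TLS_AUTO && max != TlsProtocol.TLS_AUTO
        && p.getTlsMaximumProtocolVersionValue() < p.getTlsMinimumProtocolVersionValue()) {
      findings.add("tls_maximum_protocol_version " + max + " is below the minimum " + min);
    }
    // cipher_suites only applies to TLS 1.0-1.2, so it is inert once the minimum is TLSv1_3.
    if (p.getCipherSuitesCount() == 0) {
      if (min != TlsProtocol.TLSv1_3) {
        findings.add("cipher_suites unset: build defaults apply and change over time");
      }
    } else if (min == TlsProtocol.TLSv1_3) {
      findings.add("cipher_suites has no effect: only TLS 1.3 can be negotiated");
    }
    // Both SHA-1 entries in the BoringSSL list above end in "_sha1".
    for (String alg : p.getSignatureAlgorithmsList()) {
      if (alg.endsWith("_sha1")) {
        findings.add("signature_algorithms allows SHA-1: " + alg);
      }
    }
    return findings;
  }

  public static void main(String[] args) {
    // Constructed sample input, not taken from a real deployment.
    TlsParameters sample = TlsParameters.newBuilder()
        .setTlsMinimumProtocolVersion(TlsProtocol.TLSv1_0)
        .setTlsMaximumProtocolVersion(TlsProtocol.TLSv1_2)
        .addCipherSuites("ECDHE-RSA-AES128-GCM-SHA256")
        .addSignatureAlgorithms("rsa_pss_rsae_sha256")
        .addSignatureAlgorithms("rsa_pkcs1_sha1")
        .build();
    audit(sample).forEach(System.out::println);
  }
}
```

Because ``audit`` takes the ``TlsParametersOrBuilder`` interface, it accepts both a built ``TlsParameters`` message and a ``TlsParameters.Builder`` that is still being assembled.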