Class TlsParameters.Builder
- java.lang.Object
-
- com.google.protobuf.AbstractMessageLite.Builder
-
- com.google.protobuf.AbstractMessage.Builder<BuilderT>
-
- com.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>
-
- io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParameters.Builder
-
- All Implemented Interfaces:
com.google.protobuf.Message.Builder
,com.google.protobuf.MessageLite.Builder
,com.google.protobuf.MessageLiteOrBuilder
,com.google.protobuf.MessageOrBuilder
,TlsParametersOrBuilder
,java.lang.Cloneable
- Enclosing class:
- TlsParameters
public static final class TlsParameters.Builder extends com.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder> implements TlsParametersOrBuilder
[#next-free-field: 6]
Protobuf typeenvoy.extensions.transport_sockets.tls.v3.TlsParameters
-
-
Field Summary
Fields Modifier and Type Field Description private int
bitField0_
private com.google.protobuf.LazyStringArrayList
cipherSuites_
private com.google.protobuf.LazyStringArrayList
ecdhCurves_
private com.google.protobuf.LazyStringArrayList
signatureAlgorithms_
private int
tlsMaximumProtocolVersion_
private int
tlsMinimumProtocolVersion_
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description TlsParameters.Builder
addAllCipherSuites(java.lang.Iterable<java.lang.String> values)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).TlsParameters.Builder
addAllEcdhCurves(java.lang.Iterable<java.lang.String> values)
If specified, the TLS connection will only support the specified ECDH curves.TlsParameters.Builder
addAllSignatureAlgorithms(java.lang.Iterable<java.lang.String> values)
If specified, the TLS connection will only support the specified signature algorithms.TlsParameters.Builder
addCipherSuites(java.lang.String value)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).TlsParameters.Builder
addCipherSuitesBytes(com.google.protobuf.ByteString value)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).TlsParameters.Builder
addEcdhCurves(java.lang.String value)
If specified, the TLS connection will only support the specified ECDH curves.TlsParameters.Builder
addEcdhCurvesBytes(com.google.protobuf.ByteString value)
If specified, the TLS connection will only support the specified ECDH curves.TlsParameters.Builder
addSignatureAlgorithms(java.lang.String value)
If specified, the TLS connection will only support the specified signature algorithms.TlsParameters.Builder
addSignatureAlgorithmsBytes(com.google.protobuf.ByteString value)
If specified, the TLS connection will only support the specified signature algorithms.TlsParameters
build()
TlsParameters
buildPartial()
private void
buildPartial0(TlsParameters result)
TlsParameters.Builder
clear()
TlsParameters.Builder
clearCipherSuites()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).TlsParameters.Builder
clearEcdhCurves()
If specified, the TLS connection will only support the specified ECDH curves.TlsParameters.Builder
clearSignatureAlgorithms()
If specified, the TLS connection will only support the specified signature algorithms.TlsParameters.Builder
clearTlsMaximumProtocolVersion()
Maximum TLS protocol version.TlsParameters.Builder
clearTlsMinimumProtocolVersion()
Minimum TLS protocol version.private void
ensureCipherSuitesIsMutable()
private void
ensureEcdhCurvesIsMutable()
private void
ensureSignatureAlgorithmsIsMutable()
java.lang.String
getCipherSuites(int index)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).com.google.protobuf.ByteString
getCipherSuitesBytes(int index)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).int
getCipherSuitesCount()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).com.google.protobuf.ProtocolStringList
getCipherSuitesList()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).TlsParameters
getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor
getDescriptor()
com.google.protobuf.Descriptors.Descriptor
getDescriptorForType()
java.lang.String
getEcdhCurves(int index)
If specified, the TLS connection will only support the specified ECDH curves.com.google.protobuf.ByteString
getEcdhCurvesBytes(int index)
If specified, the TLS connection will only support the specified ECDH curves.int
getEcdhCurvesCount()
If specified, the TLS connection will only support the specified ECDH curves.com.google.protobuf.ProtocolStringList
getEcdhCurvesList()
If specified, the TLS connection will only support the specified ECDH curves.java.lang.String
getSignatureAlgorithms(int index)
If specified, the TLS connection will only support the specified signature algorithms.com.google.protobuf.ByteString
getSignatureAlgorithmsBytes(int index)
If specified, the TLS connection will only support the specified signature algorithms.int
getSignatureAlgorithmsCount()
If specified, the TLS connection will only support the specified signature algorithms.com.google.protobuf.ProtocolStringList
getSignatureAlgorithmsList()
If specified, the TLS connection will only support the specified signature algorithms.TlsParameters.TlsProtocol
getTlsMaximumProtocolVersion()
Maximum TLS protocol version.int
getTlsMaximumProtocolVersionValue()
Maximum TLS protocol version.TlsParameters.TlsProtocol
getTlsMinimumProtocolVersion()
Minimum TLS protocol version.int
getTlsMinimumProtocolVersionValue()
Minimum TLS protocol version.protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
internalGetFieldAccessorTable()
boolean
isInitialized()
TlsParameters.Builder
mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
TlsParameters.Builder
mergeFrom(com.google.protobuf.Message other)
TlsParameters.Builder
mergeFrom(TlsParameters other)
TlsParameters.Builder
setCipherSuites(int index, java.lang.String value)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).TlsParameters.Builder
setEcdhCurves(int index, java.lang.String value)
If specified, the TLS connection will only support the specified ECDH curves.TlsParameters.Builder
setSignatureAlgorithms(int index, java.lang.String value)
If specified, the TLS connection will only support the specified signature algorithms.TlsParameters.Builder
setTlsMaximumProtocolVersion(TlsParameters.TlsProtocol value)
Maximum TLS protocol version.TlsParameters.Builder
setTlsMaximumProtocolVersionValue(int value)
Maximum TLS protocol version.TlsParameters.Builder
setTlsMinimumProtocolVersion(TlsParameters.TlsProtocol value)
Minimum TLS protocol version.TlsParameters.Builder
setTlsMinimumProtocolVersionValue(int value)
Minimum TLS protocol version.-
Methods inherited from class com.google.protobuf.GeneratedMessage.Builder
addRepeatedField, clearField, clearOneof, clone, getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, getUnknownFieldSetBuilder, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, internalGetMutableMapField, internalGetMutableMapFieldReflection, isClean, markClean, mergeUnknownFields, mergeUnknownLengthDelimitedField, mergeUnknownVarintField, newBuilderForField, onBuilt, onChanged, parseUnknownField, setField, setRepeatedField, setUnknownFields, setUnknownFieldSetBuilder, setUnknownFieldsProto3
-
Methods inherited from class com.google.protobuf.AbstractMessage.Builder
findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString
-
Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder
addAll, addAll, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, newUninitializedMessageException
-
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
-
-
-
Field Detail
-
bitField0_
private int bitField0_
-
tlsMinimumProtocolVersion_
private int tlsMinimumProtocolVersion_
-
tlsMaximumProtocolVersion_
private int tlsMaximumProtocolVersion_
-
cipherSuites_
private com.google.protobuf.LazyStringArrayList cipherSuites_
-
ecdhCurves_
private com.google.protobuf.LazyStringArrayList ecdhCurves_
-
signatureAlgorithms_
private com.google.protobuf.LazyStringArrayList signatureAlgorithms_
-
-
Method Detail
-
getDescriptor
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
-
internalGetFieldAccessorTable
protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
- Specified by:
internalGetFieldAccessorTable
in classcom.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>
-
clear
public TlsParameters.Builder clear()
- Specified by:
clear
in interfacecom.google.protobuf.Message.Builder
- Specified by:
clear
in interfacecom.google.protobuf.MessageLite.Builder
- Overrides:
clear
in classcom.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>
-
getDescriptorForType
public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
- Specified by:
getDescriptorForType
in interfacecom.google.protobuf.Message.Builder
- Specified by:
getDescriptorForType
in interfacecom.google.protobuf.MessageOrBuilder
- Overrides:
getDescriptorForType
in classcom.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>
-
getDefaultInstanceForType
public TlsParameters getDefaultInstanceForType()
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageOrBuilder
-
build
public TlsParameters build()
- Specified by:
build
in interfacecom.google.protobuf.Message.Builder
- Specified by:
build
in interfacecom.google.protobuf.MessageLite.Builder
-
buildPartial
public TlsParameters buildPartial()
- Specified by:
buildPartial
in interfacecom.google.protobuf.Message.Builder
- Specified by:
buildPartial
in interfacecom.google.protobuf.MessageLite.Builder
-
buildPartial0
private void buildPartial0(TlsParameters result)
-
mergeFrom
public TlsParameters.Builder mergeFrom(com.google.protobuf.Message other)
- Specified by:
mergeFrom
in interfacecom.google.protobuf.Message.Builder
- Overrides:
mergeFrom
in classcom.google.protobuf.AbstractMessage.Builder<TlsParameters.Builder>
-
mergeFrom
public TlsParameters.Builder mergeFrom(TlsParameters other)
-
isInitialized
public final boolean isInitialized()
- Specified by:
isInitialized
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Overrides:
isInitialized
in classcom.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>
-
mergeFrom
public TlsParameters.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Specified by:
mergeFrom
in interfacecom.google.protobuf.Message.Builder
- Specified by:
mergeFrom
in interfacecom.google.protobuf.MessageLite.Builder
- Overrides:
mergeFrom
in classcom.google.protobuf.AbstractMessage.Builder<TlsParameters.Builder>
- Throws:
java.io.IOException
-
getTlsMinimumProtocolVersionValue
public int getTlsMinimumProtocolVersionValue()
Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. TLS protocol versions below TLSv1_2 require setting compatible ciphers with the ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers. .. attention:: Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
- Specified by:
getTlsMinimumProtocolVersionValue
in interfaceTlsParametersOrBuilder
- Returns:
- The enum numeric value on the wire for tlsMinimumProtocolVersion.
-
setTlsMinimumProtocolVersionValue
public TlsParameters.Builder setTlsMinimumProtocolVersionValue(int value)
Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. TLS protocol versions below TLSv1_2 require setting compatible ciphers with the ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers. .. attention:: Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
- Parameters:
value
- The enum numeric value on the wire for tlsMinimumProtocolVersion to set.- Returns:
- This builder for chaining.
-
getTlsMinimumProtocolVersion
public TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. TLS protocol versions below TLSv1_2 require setting compatible ciphers with the ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers. .. attention:: Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
- Specified by:
getTlsMinimumProtocolVersion
in interfaceTlsParametersOrBuilder
- Returns:
- The tlsMinimumProtocolVersion.
-
setTlsMinimumProtocolVersion
public TlsParameters.Builder setTlsMinimumProtocolVersion(TlsParameters.TlsProtocol value)
Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. TLS protocol versions below TLSv1_2 require setting compatible ciphers with the ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers. .. attention:: Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
- Parameters:
value
- The tlsMinimumProtocolVersion to set.- Returns:
- This builder for chaining.
-
clearTlsMinimumProtocolVersion
public TlsParameters.Builder clearTlsMinimumProtocolVersion()
Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. TLS protocol versions below TLSv1_2 require setting compatible ciphers with the ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers. .. attention:: Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
- Returns:
- This builder for chaining.
-
getTlsMaximumProtocolVersionValue
public int getTlsMaximumProtocolVersionValue()
Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for servers.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
- Specified by:
getTlsMaximumProtocolVersionValue
in interfaceTlsParametersOrBuilder
- Returns:
- The enum numeric value on the wire for tlsMaximumProtocolVersion.
-
setTlsMaximumProtocolVersionValue
public TlsParameters.Builder setTlsMaximumProtocolVersionValue(int value)
Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for servers.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
- Parameters:
value
- The enum numeric value on the wire for tlsMaximumProtocolVersion to set.- Returns:
- This builder for chaining.
-
getTlsMaximumProtocolVersion
public TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for servers.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
- Specified by:
getTlsMaximumProtocolVersion
in interfaceTlsParametersOrBuilder
- Returns:
- The tlsMaximumProtocolVersion.
-
setTlsMaximumProtocolVersion
public TlsParameters.Builder setTlsMaximumProtocolVersion(TlsParameters.TlsProtocol value)
Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for servers.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
- Parameters:
value
- The tlsMaximumProtocolVersion to set.- Returns:
- This builder for chaining.
-
clearTlsMaximumProtocolVersion
public TlsParameters.Builder clearTlsMaximumProtocolVersion()
Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for servers.
.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
- Returns:
- This builder for chaining.
-
ensureCipherSuitesIsMutable
private void ensureCipherSuitesIsMutable()
-
getCipherSuitesList
public com.google.protobuf.ProtocolStringList getCipherSuitesList()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Specified by:
getCipherSuitesList
in interfaceTlsParametersOrBuilder
- Returns:
- A list containing the cipherSuites.
-
getCipherSuitesCount
public int getCipherSuitesCount()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Specified by:
getCipherSuitesCount
in interfaceTlsParametersOrBuilder
- Returns:
- The count of cipherSuites.
-
getCipherSuites
public java.lang.String getCipherSuites(int index)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Specified by:
getCipherSuites
in interfaceTlsParametersOrBuilder
- Parameters:
index
- The index of the element to return.- Returns:
- The cipherSuites at the given index.
-
getCipherSuitesBytes
public com.google.protobuf.ByteString getCipherSuitesBytes(int index)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Specified by:
getCipherSuitesBytes
in interfaceTlsParametersOrBuilder
- Parameters:
index
- The index of the value to return.- Returns:
- The bytes of the cipherSuites at the given index.
-
setCipherSuites
public TlsParameters.Builder setCipherSuites(int index, java.lang.String value)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Parameters:
index
- The index to set the value at.value
- The cipherSuites to set.- Returns:
- This builder for chaining.
-
addCipherSuites
public TlsParameters.Builder addCipherSuites(java.lang.String value)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Parameters:
value
- The cipherSuites to add.- Returns:
- This builder for chaining.
-
addAllCipherSuites
public TlsParameters.Builder addAllCipherSuites(java.lang.Iterable<java.lang.String> values)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Parameters:
values
- The cipherSuites to add.- Returns:
- This builder for chaining.
-
clearCipherSuites
public TlsParameters.Builder clearCipherSuites()
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Returns:
- This builder for chaining.
-
addCipherSuitesBytes
public TlsParameters.Builder addCipherSuitesBytes(com.google.protobuf.ByteString value)
If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not specified, a default list will be used. Defaults are different for server (downstream) and client (upstream) TLS configurations. Defaults will change over time in response to security considerations; If you care, configure it instead of using the default. In non-FIPS builds, the default server cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In non-FIPS builds, the default client cipher list is: .. code-block:: none [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: .. code-block:: none ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
repeated string cipher_suites = 3;
- Parameters:
value
- The bytes of the cipherSuites to add.- Returns:
- This builder for chaining.
-
ensureEcdhCurvesIsMutable
private void ensureEcdhCurvesIsMutable()
-
getEcdhCurvesList
public com.google.protobuf.ProtocolStringList getEcdhCurvesList()
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Specified by:
getEcdhCurvesList
in interfaceTlsParametersOrBuilder
- Returns:
- A list containing the ecdhCurves.
-
getEcdhCurvesCount
public int getEcdhCurvesCount()
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Specified by:
getEcdhCurvesCount
in interfaceTlsParametersOrBuilder
- Returns:
- The count of ecdhCurves.
-
getEcdhCurves
public java.lang.String getEcdhCurves(int index)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Specified by:
getEcdhCurves
in interfaceTlsParametersOrBuilder
- Parameters:
index
- The index of the element to return.- Returns:
- The ecdhCurves at the given index.
-
getEcdhCurvesBytes
public com.google.protobuf.ByteString getEcdhCurvesBytes(int index)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Specified by:
getEcdhCurvesBytes
in interfaceTlsParametersOrBuilder
- Parameters:
index
- The index of the value to return.- Returns:
- The bytes of the ecdhCurves at the given index.
-
setEcdhCurves
public TlsParameters.Builder setEcdhCurves(int index, java.lang.String value)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Parameters:
index
- The index to set the value at.value
- The ecdhCurves to set.- Returns:
- This builder for chaining.
-
addEcdhCurves
public TlsParameters.Builder addEcdhCurves(java.lang.String value)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Parameters:
value
- The ecdhCurves to add.- Returns:
- This builder for chaining.
-
addAllEcdhCurves
public TlsParameters.Builder addAllEcdhCurves(java.lang.Iterable<java.lang.String> values)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Parameters:
values
- The ecdhCurves to add.- Returns:
- This builder for chaining.
-
clearEcdhCurves
public TlsParameters.Builder clearEcdhCurves()
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Returns:
- This builder for chaining.
-
addEcdhCurvesBytes
public TlsParameters.Builder addEcdhCurvesBytes(com.google.protobuf.ByteString value)
If specified, the TLS connection will only support the specified ECDH curves. If not specified, the default curves will be used. In non-FIPS builds, the default curves are: .. code-block:: none X25519 P-256 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: .. code-block:: none P-256
repeated string ecdh_curves = 4;
- Parameters:
value
- The bytes of the ecdhCurves to add.- Returns:
- This builder for chaining.
-
ensureSignatureAlgorithmsIsMutable
private void ensureSignatureAlgorithmsIsMutable()
-
getSignatureAlgorithmsList
public com.google.protobuf.ProtocolStringList getSignatureAlgorithmsList()
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Specified by:
getSignatureAlgorithmsList
in interfaceTlsParametersOrBuilder
- Returns:
- A list containing the signatureAlgorithms.
-
getSignatureAlgorithmsCount
public int getSignatureAlgorithmsCount()
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Specified by:
getSignatureAlgorithmsCount
in interfaceTlsParametersOrBuilder
- Returns:
- The count of signatureAlgorithms.
-
getSignatureAlgorithms
public java.lang.String getSignatureAlgorithms(int index)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Specified by:
getSignatureAlgorithms
in interfaceTlsParametersOrBuilder
- Parameters:
index
- The index of the element to return.- Returns:
- The signatureAlgorithms at the given index.
-
getSignatureAlgorithmsBytes
public com.google.protobuf.ByteString getSignatureAlgorithmsBytes(int index)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Specified by:
getSignatureAlgorithmsBytes
in interfaceTlsParametersOrBuilder
- Parameters:
index
- The index of the value to return.- Returns:
- The bytes of the signatureAlgorithms at the given index.
-
setSignatureAlgorithms
public TlsParameters.Builder setSignatureAlgorithms(int index, java.lang.String value)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Parameters:
index
- The index to set the value at.value
- The signatureAlgorithms to set.- Returns:
- This builder for chaining.
-
addSignatureAlgorithms
public TlsParameters.Builder addSignatureAlgorithms(java.lang.String value)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Parameters:
value
- The signatureAlgorithms to add.- Returns:
- This builder for chaining.
-
addAllSignatureAlgorithms
public TlsParameters.Builder addAllSignatureAlgorithms(java.lang.Iterable<java.lang.String> values)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Parameters:
values
- The signatureAlgorithms to add.- Returns:
- This builder for chaining.
-
clearSignatureAlgorithms
public TlsParameters.Builder clearSignatureAlgorithms()
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Returns:
- This builder for chaining.
-
addSignatureAlgorithmsBytes
public TlsParameters.Builder addSignatureAlgorithmsBytes(com.google.protobuf.ByteString value)
If specified, the TLS connection will only support the specified signature algorithms. The list is ordered by preference. If not specified, the default signature algorithms defined by BoringSSL will be used. Default signature algorithms selected by BoringSSL (may be out of date): .. code-block:: none ecdsa_secp256r1_sha256 rsa_pss_rsae_sha256 rsa_pkcs1_sha256 ecdsa_secp384r1_sha384 rsa_pss_rsae_sha384 rsa_pkcs1_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha512 rsa_pkcs1_sha1 Signature algorithms supported by BoringSSL (may be out of date): .. code-block:: none rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 ed25519 rsa_pkcs1_sha1 ecdsa_sha1
repeated string signature_algorithms = 5;
- Parameters:
value
- The bytes of the signatureAlgorithms to add.- Returns:
- This builder for chaining.
-
-