Interface DownstreamTlsContextOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    DownstreamTlsContext, DownstreamTlsContext.Builder

    public interface DownstreamTlsContextOrBuilder
    extends com.google.protobuf.MessageOrBuilder
    • Method Detail

      • hasCommonTlsContext

        boolean hasCommonTlsContext()
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Returns:
        Whether the commonTlsContext field is set.
      • getCommonTlsContext

        CommonTlsContext getCommonTlsContext()
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Returns:
        The commonTlsContext.
      • getCommonTlsContextOrBuilder

        CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
         Common TLS context settings.
         
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      • hasRequireClientCertificate

        boolean hasRequireClientCertificate()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
        Returns:
        Whether the requireClientCertificate field is set.
      • getRequireClientCertificate

        com.google.protobuf.BoolValue getRequireClientCertificate()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
        Returns:
        The requireClientCertificate.
      • getRequireClientCertificateOrBuilder

        com.google.protobuf.BoolValueOrBuilder getRequireClientCertificateOrBuilder()
         If specified, Envoy will reject connections without a valid client
         certificate.
         
        .google.protobuf.BoolValue require_client_certificate = 2;
      • hasRequireSni

        boolean hasRequireSni()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
        Returns:
        Whether the requireSni field is set.
      • getRequireSni

        com.google.protobuf.BoolValue getRequireSni()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
        Returns:
        The requireSni.
      • getRequireSniOrBuilder

        com.google.protobuf.BoolValueOrBuilder getRequireSniOrBuilder()
         If specified, Envoy will reject connections without a valid and matching SNI.
         [#not-implemented-hide:]
         
        .google.protobuf.BoolValue require_sni = 3;
      • hasSessionTicketKeys

        boolean hasSessionTicketKeys()
         TLS session ticket key settings.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
        Returns:
        Whether the sessionTicketKeys field is set.
      • getSessionTicketKeys

        TlsSessionTicketKeys getSessionTicketKeys()
         TLS session ticket key settings.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
        Returns:
        The sessionTicketKeys.
      • getSessionTicketKeysOrBuilder

        TlsSessionTicketKeysOrBuilder getSessionTicketKeysOrBuilder()
         TLS session ticket key settings.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      • hasSessionTicketKeysSdsSecretConfig

        boolean hasSessionTicketKeysSdsSecretConfig()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
        Returns:
        Whether the sessionTicketKeysSdsSecretConfig field is set.
      • getSessionTicketKeysSdsSecretConfig

        SdsSecretConfig getSessionTicketKeysSdsSecretConfig()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
        Returns:
        The sessionTicketKeysSdsSecretConfig.
      • getSessionTicketKeysSdsSecretConfigOrBuilder

        SdsSecretConfigOrBuilder getSessionTicketKeysSdsSecretConfigOrBuilder()
         Config for fetching TLS session ticket keys via SDS API.
         
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      • hasDisableStatelessSessionResumption

        boolean hasDisableStatelessSessionResumption()
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
         server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
         If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
         the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
         or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
         If this config is set to false and no keys are explicitly configured, the TLS server will issue
         TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
         implication that sessions cannot be resumed across hot restarts or on different hosts.
         
        bool disable_stateless_session_resumption = 7;
        Returns:
        Whether the disableStatelessSessionResumption field is set.
      • getDisableStatelessSessionResumption

        boolean getDisableStatelessSessionResumption()
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
         server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
         If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
         the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
         or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
         If this config is set to false and no keys are explicitly configured, the TLS server will issue
         TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
         implication that sessions cannot be resumed across hot restarts or on different hosts.
         
        bool disable_stateless_session_resumption = 7;
        Returns:
        The disableStatelessSessionResumption.
      • getDisableStatefulSessionResumption

        boolean getDisableStatefulSessionResumption()
         If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is
         relevant only for TLSv1.2 and earlier.)
         
        bool disable_stateful_session_resumption = 10;
        Returns:
        The disableStatefulSessionResumption.
      • hasSessionTimeout

        boolean hasSessionTimeout()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Returns:
        Whether the sessionTimeout field is set.
      • getSessionTimeout

        com.google.protobuf.Duration getSessionTimeout()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Returns:
        The sessionTimeout.
      • getSessionTimeoutOrBuilder

        com.google.protobuf.DurationOrBuilder getSessionTimeoutOrBuilder()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
         Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
         Only seconds can be specified (fractional seconds are ignored).
         
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      • getOcspStaplePolicyValue

        int getOcspStaplePolicyValue()
         Config for whether to use certificates if they do not have
         an accompanying OCSP response or if the response expires at runtime.
         Defaults to LENIENT_STAPLING.
         
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Returns:
        The enum numeric value on the wire for ocspStaplePolicy.
      • getOcspStaplePolicy

        DownstreamTlsContext.OcspStaplePolicy getOcspStaplePolicy()
         Config for whether to use certificates if they do not have
         an accompanying OCSP response or if the response expires at runtime.
         Defaults to LENIENT_STAPLING.
         
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Returns:
        The ocspStaplePolicy.
      • hasFullScanCertsOnSniMismatch

        boolean hasFullScanCertsOnSniMismatch()
         Multiple certificates are allowed in the downstream transport socket to serve different SNIs.
         If the client provides SNI but no certificate matches it, this config decides whether to do a full scan of the certificates.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
        Returns:
        Whether the fullScanCertsOnSniMismatch field is set.
      • getFullScanCertsOnSniMismatch

        com.google.protobuf.BoolValue getFullScanCertsOnSniMismatch()
         Multiple certificates are allowed in the downstream transport socket to serve different SNIs.
         If the client provides SNI but no certificate matches it, this config decides whether to do a full scan of the certificates.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
        Returns:
        The fullScanCertsOnSniMismatch.
      • getFullScanCertsOnSniMismatchOrBuilder

        com.google.protobuf.BoolValueOrBuilder getFullScanCertsOnSniMismatchOrBuilder()
         Multiple certificates are allowed in the downstream transport socket to serve different SNIs.
         If the client provides SNI but no certificate matches it, this config decides whether to do a full scan of the certificates.
         Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
         
        .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
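
Added example (not part of the generated Javadoc or of the Envoy project's code): a read-only review of a listener's TLS settings through the accessors documented above, reporting the values a configuration reviewer would check. The package name io.envoyproxy.envoy.extensions.transport_sockets.tls.v3, the class name DownstreamTlsAudit and the MAX_SESSION_SECONDS limit are assumptions made for this example.

```java
import com.google.protobuf.BoolValue;
import com.google.protobuf.Duration;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContextOrBuilder;
import java.util.ArrayList;
import java.util.List;

public final class DownstreamTlsAudit {
  // Hypothetical policy limit for this example, not an Envoy default.
  static final long MAX_SESSION_SECONDS = 3600;

  static List<String> audit(DownstreamTlsContextOrBuilder ctx) {
    List<String> findings = new ArrayList<>();
    // BoolValue wrapper: treat "unset" and "explicitly false" the same way here.
    if (!ctx.hasRequireClientCertificate() || !ctx.getRequireClientCertificate().getValue()) {
      findings.add("require_client_certificate is not enforced");
    }
    // Ticket settings only matter while stateless resumption is enabled.
    if (!ctx.getDisableStatelessSessionResumption()) {
      if (ctx.hasSessionTicketKeys()) {
        findings.add("session ticket keys are inline in the config, not fetched via SDS");
      } else if (!ctx.hasSessionTicketKeysSdsSecretConfig()) {
        findings.add("tickets use an internally generated key; no resumption across hot restarts or hosts");
      }
    }
    if (!ctx.getDisableStatefulSessionResumption()) {
      findings.add("server-side session cache is enabled (TLSv1.2 and earlier)");
    }
    if (ctx.hasSessionTimeout() && ctx.getSessionTimeout().getSeconds() > MAX_SESSION_SECONDS) {
      findings.add("session_timeout exceeds " + MAX_SESSION_SECONDS + "s");
    }
    if (ctx.getOcspStaplePolicy() == OcspStaplePolicy.LENIENT_STAPLING) {
      findings.add("ocsp_staple_policy is LENIENT_STAPLING (the default)");
    }
    return findings;
  }

  public static void main(String[] args) {
    // Constructed sample: client certs required, tickets disabled, 2-hour timeout,
    // every other field left at its default.
    DownstreamTlsContext sample = DownstreamTlsContext.newBuilder()
        .setRequireClientCertificate(BoolValue.of(true))
        .setDisableStatelessSessionResumption(true)
        .setSessionTimeout(Duration.newBuilder().setSeconds(7200))
        .build();
    audit(sample).forEach(System.out::println);
  }
}
```

Because audit takes the OrBuilder interface, it accepts either a built DownstreamTlsContext or a DownstreamTlsContext.Builder that is still being populated.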