Interface TlsParametersOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    TlsParameters, TlsParameters.Builder

    public interface TlsParametersOrBuilder
    extends com.google.protobuf.MessageOrBuilder
    • Method Summary

      Modifier and Type Method Description
      java.lang.String getCipherSuites​(int index)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      com.google.protobuf.ByteString getCipherSuitesBytes​(int index)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      int getCipherSuitesCount()
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      java.util.List<java.lang.String> getCipherSuitesList()
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      java.lang.String getEcdhCurves​(int index)
      If specified, the TLS connection will only support the specified ECDH curves.
      com.google.protobuf.ByteString getEcdhCurvesBytes​(int index)
      If specified, the TLS connection will only support the specified ECDH curves.
      int getEcdhCurvesCount()
      If specified, the TLS connection will only support the specified ECDH curves.
      java.util.List<java.lang.String> getEcdhCurvesList()
      If specified, the TLS connection will only support the specified ECDH curves.
      java.lang.String getSignatureAlgorithms​(int index)
      If specified, the TLS connection will only support the specified signature algorithms.
      com.google.protobuf.ByteString getSignatureAlgorithmsBytes​(int index)
      If specified, the TLS connection will only support the specified signature algorithms.
      int getSignatureAlgorithmsCount()
      If specified, the TLS connection will only support the specified signature algorithms.
      java.util.List<java.lang.String> getSignatureAlgorithmsList()
      If specified, the TLS connection will only support the specified signature algorithms.
      TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
      Maximum TLS protocol version.
      int getTlsMaximumProtocolVersionValue()
      Maximum TLS protocol version.
      TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
      Minimum TLS protocol version.
      int getTlsMinimumProtocolVersionValue()
      Minimum TLS protocol version.
      • Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

        isInitialized
      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
    • Method Detail

      • getTlsMinimumProtocolVersionValue

        int getTlsMinimumProtocolVersionValue()
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
        
         TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
         ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.
        
         .. attention::
        
         Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Returns:
        The enum numeric value on the wire for tlsMinimumProtocolVersion.
      • getTlsMinimumProtocolVersion

        TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
        
         TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
         ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.
        
         .. attention::
        
         Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Returns:
        The tlsMinimumProtocolVersion.
      • getTlsMaximumProtocolVersionValue

        int getTlsMaximumProtocolVersionValue()
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
         servers.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Returns:
        The enum numeric value on the wire for tlsMaximumProtocolVersion.
      • getTlsMaximumProtocolVersion

        TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
         servers.
         
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Returns:
        The tlsMaximumProtocolVersion.
      • getCipherSuitesList

        java.util.List<java.lang.String> getCipherSuitesList()
         If specified, the TLS listener will only support the specified `cipher list
         <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
         when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
        
         If not specified, a default list will be used. Defaults are different for server (downstream) and
         client (upstream) TLS configurations.
         Defaults will change over time in response to security considerations; if you care, configure
         it instead of using the default.
        
         In non-FIPS builds, the default server cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In non-FIPS builds, the default client cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
         
        repeated string cipher_suites = 3;
        Returns:
        A list containing the cipherSuites.
      • getCipherSuitesCount

        int getCipherSuitesCount()
         If specified, the TLS listener will only support the specified `cipher list
         <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
         when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
        
         If not specified, a default list will be used. Defaults are different for server (downstream) and
         client (upstream) TLS configurations.
         Defaults will change over time in response to security considerations; if you care, configure
         it instead of using the default.
        
         In non-FIPS builds, the default server cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In non-FIPS builds, the default client cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
         
        repeated string cipher_suites = 3;
        Returns:
        The count of cipherSuites.
      • getCipherSuites

        java.lang.String getCipherSuites​(int index)
         If specified, the TLS listener will only support the specified `cipher list
         <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
         when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
        
         If not specified, a default list will be used. Defaults are different for server (downstream) and
         client (upstream) TLS configurations.
         Defaults will change over time in response to security considerations; if you care, configure
         it instead of using the default.
        
         In non-FIPS builds, the default server cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In non-FIPS builds, the default client cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
         
        repeated string cipher_suites = 3;
        Parameters:
        index - The index of the element to return.
        Returns:
        The cipherSuites at the given index.
      • getCipherSuitesBytes

        com.google.protobuf.ByteString getCipherSuitesBytes​(int index)
         If specified, the TLS listener will only support the specified `cipher list
         <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
         when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
        
         If not specified, a default list will be used. Defaults are different for server (downstream) and
         client (upstream) TLS configurations.
         Defaults will change over time in response to security considerations; if you care, configure
         it instead of using the default.
        
         In non-FIPS builds, the default server cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In non-FIPS builds, the default client cipher list is:
        
         .. code-block:: none
        
         [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
         [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
        
         .. code-block:: none
        
         ECDHE-ECDSA-AES128-GCM-SHA256
         ECDHE-RSA-AES128-GCM-SHA256
         ECDHE-ECDSA-AES256-GCM-SHA384
         ECDHE-RSA-AES256-GCM-SHA384
         
        repeated string cipher_suites = 3;
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the cipherSuites at the given index.
      • getEcdhCurvesList

        java.util.List<java.lang.String> getEcdhCurvesList()
         If specified, the TLS connection will only support the specified ECDH
         curves. If not specified, the default curves will be used.
        
         In non-FIPS builds, the default curves are:
        
         .. code-block:: none
        
         X25519
         P-256
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
        
         .. code-block:: none
        
         P-256
         
        repeated string ecdh_curves = 4;
        Returns:
        A list containing the ecdhCurves.
      • getEcdhCurvesCount

        int getEcdhCurvesCount()
         If specified, the TLS connection will only support the specified ECDH
         curves. If not specified, the default curves will be used.
        
         In non-FIPS builds, the default curves are:
        
         .. code-block:: none
        
         X25519
         P-256
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
        
         .. code-block:: none
        
         P-256
         
        repeated string ecdh_curves = 4;
        Returns:
        The count of ecdhCurves.
      • getEcdhCurves

        java.lang.String getEcdhCurves​(int index)
         If specified, the TLS connection will only support the specified ECDH
         curves. If not specified, the default curves will be used.
        
         In non-FIPS builds, the default curves are:
        
         .. code-block:: none
        
         X25519
         P-256
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
        
         .. code-block:: none
        
         P-256
         
        repeated string ecdh_curves = 4;
        Parameters:
        index - The index of the element to return.
        Returns:
        The ecdhCurves at the given index.
      • getEcdhCurvesBytes

        com.google.protobuf.ByteString getEcdhCurvesBytes​(int index)
         If specified, the TLS connection will only support the specified ECDH
         curves. If not specified, the default curves will be used.
        
         In non-FIPS builds, the default curves are:
        
         .. code-block:: none
        
         X25519
         P-256
        
         In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
        
         .. code-block:: none
        
         P-256
         
        repeated string ecdh_curves = 4;
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the ecdhCurves at the given index.
      • getSignatureAlgorithmsList

        java.util.List<java.lang.String> getSignatureAlgorithmsList()
         If specified, the TLS connection will only support the specified signature algorithms.
         The list is ordered by preference.
         If not specified, the default signature algorithms defined by BoringSSL will be used.
        
         Default signature algorithms selected by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         ecdsa_secp256r1_sha256
         rsa_pss_rsae_sha256
         rsa_pkcs1_sha256
         ecdsa_secp384r1_sha384
         rsa_pss_rsae_sha384
         rsa_pkcs1_sha384
         rsa_pss_rsae_sha512
         rsa_pkcs1_sha512
         rsa_pkcs1_sha1
        
         Signature algorithms supported by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         rsa_pkcs1_sha256
         rsa_pkcs1_sha384
         rsa_pkcs1_sha512
         ecdsa_secp256r1_sha256
         ecdsa_secp384r1_sha384
         ecdsa_secp521r1_sha512
         rsa_pss_rsae_sha256
         rsa_pss_rsae_sha384
         rsa_pss_rsae_sha512
         ed25519
         rsa_pkcs1_sha1
         ecdsa_sha1
         
        repeated string signature_algorithms = 5;
        Returns:
        A list containing the signatureAlgorithms.
      • getSignatureAlgorithmsCount

        int getSignatureAlgorithmsCount()
         If specified, the TLS connection will only support the specified signature algorithms.
         The list is ordered by preference.
         If not specified, the default signature algorithms defined by BoringSSL will be used.
        
         Default signature algorithms selected by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         ecdsa_secp256r1_sha256
         rsa_pss_rsae_sha256
         rsa_pkcs1_sha256
         ecdsa_secp384r1_sha384
         rsa_pss_rsae_sha384
         rsa_pkcs1_sha384
         rsa_pss_rsae_sha512
         rsa_pkcs1_sha512
         rsa_pkcs1_sha1
        
         Signature algorithms supported by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         rsa_pkcs1_sha256
         rsa_pkcs1_sha384
         rsa_pkcs1_sha512
         ecdsa_secp256r1_sha256
         ecdsa_secp384r1_sha384
         ecdsa_secp521r1_sha512
         rsa_pss_rsae_sha256
         rsa_pss_rsae_sha384
         rsa_pss_rsae_sha512
         ed25519
         rsa_pkcs1_sha1
         ecdsa_sha1
         
        repeated string signature_algorithms = 5;
        Returns:
        The count of signatureAlgorithms.
      • getSignatureAlgorithms

        java.lang.String getSignatureAlgorithms​(int index)
         If specified, the TLS connection will only support the specified signature algorithms.
         The list is ordered by preference.
         If not specified, the default signature algorithms defined by BoringSSL will be used.
        
         Default signature algorithms selected by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         ecdsa_secp256r1_sha256
         rsa_pss_rsae_sha256
         rsa_pkcs1_sha256
         ecdsa_secp384r1_sha384
         rsa_pss_rsae_sha384
         rsa_pkcs1_sha384
         rsa_pss_rsae_sha512
         rsa_pkcs1_sha512
         rsa_pkcs1_sha1
        
         Signature algorithms supported by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         rsa_pkcs1_sha256
         rsa_pkcs1_sha384
         rsa_pkcs1_sha512
         ecdsa_secp256r1_sha256
         ecdsa_secp384r1_sha384
         ecdsa_secp521r1_sha512
         rsa_pss_rsae_sha256
         rsa_pss_rsae_sha384
         rsa_pss_rsae_sha512
         ed25519
         rsa_pkcs1_sha1
         ecdsa_sha1
         
        repeated string signature_algorithms = 5;
        Parameters:
        index - The index of the element to return.
        Returns:
        The signatureAlgorithms at the given index.
      • getSignatureAlgorithmsBytes

        com.google.protobuf.ByteString getSignatureAlgorithmsBytes​(int index)
         If specified, the TLS connection will only support the specified signature algorithms.
         The list is ordered by preference.
         If not specified, the default signature algorithms defined by BoringSSL will be used.
        
         Default signature algorithms selected by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         ecdsa_secp256r1_sha256
         rsa_pss_rsae_sha256
         rsa_pkcs1_sha256
         ecdsa_secp384r1_sha384
         rsa_pss_rsae_sha384
         rsa_pkcs1_sha384
         rsa_pss_rsae_sha512
         rsa_pkcs1_sha512
         rsa_pkcs1_sha1
        
         Signature algorithms supported by BoringSSL (may be out of date):
        
         .. code-block:: none
        
         rsa_pkcs1_sha256
         rsa_pkcs1_sha384
         rsa_pkcs1_sha512
         ecdsa_secp256r1_sha256
         ecdsa_secp384r1_sha384
         ecdsa_secp521r1_sha512
         rsa_pss_rsae_sha256
         rsa_pss_rsae_sha384
         rsa_pss_rsae_sha512
         ed25519
         rsa_pkcs1_sha1
         ecdsa_sha1
         
        repeated string signature_algorithms = 5;
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the signatureAlgorithms at the given index.
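
The getters documented above are enough to audit a TlsParameters message for the risks this page calls out (minimum version below TLSv1_2, legacy versions without explicit ciphers, SHA-1 signature algorithms). The following is an added example, not code from Envoy or its Java bindings; the class name TlsParametersAudit is hypothetical, the import package and the increasing numeric order of the TlsProtocol values (TLS_AUTO lowest) are assumptions, and the sample message in main is constructed.

```java
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParameters;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParametersOrBuilder;

import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not part of Envoy): flags risky TlsParameters settings. */
public final class TlsParametersAudit {

  private TlsParametersAudit() {}

  public static List<String> audit(TlsParametersOrBuilder p) {
    List<String> findings = new ArrayList<>();
    // Use the wire values: getNumber() throws on UNRECOGNIZED, the *Value getters do not.
    int min = p.getTlsMinimumProtocolVersionValue();
    int max = p.getTlsMaximumProtocolVersionValue();
    int auto = TlsProtocol.TLS_AUTO.getNumber();   // "use the default"
    int tls12 = TlsProtocol.TLSv1_2.getNumber();
    int tls13 = TlsProtocol.TLSv1_3.getNumber();

    if (TlsProtocol.forNumber(min) == null || TlsProtocol.forNumber(max) == null) {
      findings.add("ERROR: unrecognized protocol version value (min=" + min + ", max=" + max + ")");
      return findings;
    }
    // Assumption: numeric enum values increase with the protocol version.
    if (min != auto && min < tls12) {
      findings.add("HIGH: tls_minimum_protocol_version is below TLSv1_2");
      if (p.getCipherSuitesCount() == 0) {
        findings.add("WARN: versions below TLSv1_2 need explicit cipher_suites;"
            + " the default ciphers no longer include compatible ones");
      }
    }
    if (min != auto && max != auto && min > max) {
      findings.add("ERROR: minimum protocol version is higher than the maximum");
    }
    if (min == tls13 && p.getCipherSuitesCount() > 0) {
      findings.add("INFO: cipher_suites has no effect when only TLS 1.3 is negotiated");
    }
    if (p.getCipherSuitesCount() == 0) {
      findings.add("INFO: cipher_suites unset; defaults apply and change over time");
    }
    // Both SHA-1 entries in the supported list end in "_sha1".
    for (String alg : p.getSignatureAlgorithmsList()) {
      if (alg.endsWith("_sha1")) {
        findings.add("HIGH: SHA-1 signature algorithm configured: " + alg);
      }
    }
    if (p.getSignatureAlgorithmsCount() == 0) {
      findings.add("INFO: signature_algorithms unset; the BoringSSL default list"
          + " documented here includes rsa_pkcs1_sha1");
    }
    return findings;
  }

  public static void main(String[] args) {
    // Constructed sample: a legacy-compatible configuration to audit.
    TlsParameters legacy = TlsParameters.newBuilder()
        .setTlsMinimumProtocolVersion(TlsProtocol.TLSv1_0)
        .setTlsMaximumProtocolVersion(TlsProtocol.TLSv1_2)
        .addSignatureAlgorithms("ecdsa_secp256r1_sha256")
        .addSignatureAlgorithms("rsa_pkcs1_sha1")
        .build();
    audit(legacy).forEach(System.out::println);
  }
}
```

Because audit takes TlsParametersOrBuilder, it accepts a TlsParameters.Builder as well as a built message, so the check can run before the configuration is sent to Envoy.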