Interface UpstreamTlsContextOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
UpstreamTlsContext, UpstreamTlsContext.Builder

public interface UpstreamTlsContextOrBuilder extends com.google.protobuf.MessageOrBuilder
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    If true, server-initiated TLS renegotiation will be allowed.
    Common TLS context settings.
    Common TLS context settings.
    com.google.protobuf.BoolValue
    This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension is present and incompatible with the TLS usage.
    com.google.protobuf.BoolValueOrBuilder
    This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension is present and incompatible with the TLS usage.
    com.google.protobuf.UInt32Value
    Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets for TLSv1.2 and older) to store for the purpose of session resumption.
    com.google.protobuf.UInt32ValueOrBuilder
    Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets for TLSv1.2 and older) to store for the purpose of session resumption.
    SNI string to use when creating TLS backend connections.
    com.google.protobuf.ByteString
    SNI string to use when creating TLS backend connections.
    boolean
    Common TLS context settings.
    boolean
    This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension is present and incompatible with the TLS usage.
    boolean
    Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets for TLSv1.2 and older) to store for the purpose of session resumption.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
  • Method Details

    • hasCommonTlsContext

      boolean hasCommonTlsContext()
       Common TLS context settings.
      
       .. attention::
      
       Server certificate verification is not enabled by default. Configure
       :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
       verification.
       
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Returns:
      Whether the commonTlsContext field is set.
    • getCommonTlsContext

      CommonTlsContext getCommonTlsContext()
       Common TLS context settings.
      
       .. attention::
      
       Server certificate verification is not enabled by default. Configure
       :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
       verification.
       
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Returns:
      The commonTlsContext.
    • getCommonTlsContextOrBuilder

      CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
       Common TLS context settings.
      
       .. attention::
      
       Server certificate verification is not enabled by default. Configure
       :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
       verification.
       
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
    • getSni

      String getSni()
       SNI string to use when creating TLS backend connections.
       
      string sni = 2 [(.validate.rules) = { ... }
      Returns:
      The sni.
    • getSniBytes

      com.google.protobuf.ByteString getSniBytes()
       SNI string to use when creating TLS backend connections.
       
      string sni = 2 [(.validate.rules) = { ... }
      Returns:
      The bytes for sni.
    • getAllowRenegotiation

      boolean getAllowRenegotiation()
       If true, server-initiated TLS renegotiation will be allowed.
      
       .. attention::
      
       TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
       
      bool allow_renegotiation = 3;
      Returns:
      The allowRenegotiation.
    • hasMaxSessionKeys

      boolean hasMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
       for TLSv1.2 and older) to store for the purpose of session resumption.
      
       Defaults to 1, setting this to 0 disables session resumption.
       
      .google.protobuf.UInt32Value max_session_keys = 4;
      Returns:
      Whether the maxSessionKeys field is set.
    • getMaxSessionKeys

      com.google.protobuf.UInt32Value getMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
       for TLSv1.2 and older) to store for the purpose of session resumption.
      
       Defaults to 1, setting this to 0 disables session resumption.
       
      .google.protobuf.UInt32Value max_session_keys = 4;
      Returns:
      The maxSessionKeys.
    • getMaxSessionKeysOrBuilder

      com.google.protobuf.UInt32ValueOrBuilder getMaxSessionKeysOrBuilder()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
       for TLSv1.2 and older) to store for the purpose of session resumption.
      
       Defaults to 1, setting this to 0 disables session resumption.
       
      .google.protobuf.UInt32Value max_session_keys = 4;
    • hasEnforceRsaKeyUsage

      boolean hasEnforceRsaKeyUsage()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
       is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
       but it is expected to be changed to true by default in a future release.
       ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
       configurations that would fail if this option were set to true.
       
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Returns:
      Whether the enforceRsaKeyUsage field is set.
    • getEnforceRsaKeyUsage

      com.google.protobuf.BoolValue getEnforceRsaKeyUsage()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
       is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
       but it is expected to be changed to true by default in a future release.
       ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
       configurations that would fail if this option were set to true.
       
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Returns:
      The enforceRsaKeyUsage.
    • getEnforceRsaKeyUsageOrBuilder

      com.google.protobuf.BoolValueOrBuilder getEnforceRsaKeyUsageOrBuilder()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
       is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
       but it is expected to be changed to true by default in a future release.
       ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
       configurations that would fail if this option were set to true.
       
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;