Interface DownstreamTlsContextOrBuilder
- All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder
,com.google.protobuf.MessageOrBuilder
- All Known Implementing Classes:
DownstreamTlsContext
,DownstreamTlsContext.Builder
public interface DownstreamTlsContextOrBuilder
extends com.google.protobuf.MessageOrBuilder
-
Method Summary
Modifier and TypeMethodDescriptionCommon TLS context settings.Common TLS context settings.boolean
If set to true, the TLS server will not maintain a session cache of TLS sessions.boolean
Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption.com.google.protobuf.BoolValue
Multiple certificates are allowed in Downstream transport socket to serve different SNI.com.google.protobuf.BoolValueOrBuilder
Multiple certificates are allowed in Downstream transport socket to serve different SNI.Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime.int
Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime.com.google.protobuf.BoolValue
If specified, Envoy will reject connections without a valid client certificate.com.google.protobuf.BoolValueOrBuilder
If specified, Envoy will reject connections without a valid client certificate.com.google.protobuf.BoolValue
If specified, Envoy will reject connections without a valid and matching SNI.com.google.protobuf.BoolValueOrBuilder
If specified, Envoy will reject connections without a valid and matching SNI.TLS session ticket key settings.TLS session ticket key settings.Config for fetching TLS session ticket keys via SDS API.Config for fetching TLS session ticket keys via SDS API.com.google.protobuf.Duration
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.com.google.protobuf.DurationOrBuilder
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.boolean
Common TLS context settings.boolean
Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption.boolean
Multiple certificates are allowed in Downstream transport socket to serve different SNI.boolean
If specified, Envoy will reject connections without a valid client certificate.boolean
If specified, Envoy will reject connections without a valid and matching SNI.boolean
TLS session ticket key settings.boolean
Config for fetching TLS session ticket keys via SDS API.boolean
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder
isInitialized
Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
-
Method Details
-
hasCommonTlsContext
boolean hasCommonTlsContext()Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
- Returns:
- Whether the commonTlsContext field is set.
-
getCommonTlsContext
CommonTlsContext getCommonTlsContext()Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
- Returns:
- The commonTlsContext.
-
getCommonTlsContextOrBuilder
CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
-
hasRequireClientCertificate
boolean hasRequireClientCertificate()If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
- Returns:
- Whether the requireClientCertificate field is set.
-
getRequireClientCertificate
com.google.protobuf.BoolValue getRequireClientCertificate()If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
- Returns:
- The requireClientCertificate.
-
getRequireClientCertificateOrBuilder
com.google.protobuf.BoolValueOrBuilder getRequireClientCertificateOrBuilder()If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
-
hasRequireSni
boolean hasRequireSni()If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
- Returns:
- Whether the requireSni field is set.
-
getRequireSni
com.google.protobuf.BoolValue getRequireSni()If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
- Returns:
- The requireSni.
-
getRequireSniOrBuilder
com.google.protobuf.BoolValueOrBuilder getRequireSniOrBuilder()If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
-
hasSessionTicketKeys
boolean hasSessionTicketKeys()TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
- Returns:
- Whether the sessionTicketKeys field is set.
-
getSessionTicketKeys
TlsSessionTicketKeys getSessionTicketKeys()TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
- Returns:
- The sessionTicketKeys.
-
getSessionTicketKeysOrBuilder
TlsSessionTicketKeysOrBuilder getSessionTicketKeysOrBuilder()TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
-
hasSessionTicketKeysSdsSecretConfig
boolean hasSessionTicketKeysSdsSecretConfig()Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
- Returns:
- Whether the sessionTicketKeysSdsSecretConfig field is set.
-
getSessionTicketKeysSdsSecretConfig
SdsSecretConfig getSessionTicketKeysSdsSecretConfig()Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
- Returns:
- The sessionTicketKeysSdsSecretConfig.
-
getSessionTicketKeysSdsSecretConfigOrBuilder
SdsSecretConfigOrBuilder getSessionTicketKeysSdsSecretConfigOrBuilder()Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
-
hasDisableStatelessSessionResumption
boolean hasDisableStatelessSessionResumption()Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption. If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>` or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`. If this config is set to false and no keys are explicitly configured, the TLS server will issue TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the implication that sessions cannot be resumed across hot restarts or on different hosts.
bool disable_stateless_session_resumption = 7;
- Returns:
- Whether the disableStatelessSessionResumption field is set.
-
getDisableStatelessSessionResumption
boolean getDisableStatelessSessionResumption()Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption. If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>` or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`. If this config is set to false and no keys are explicitly configured, the TLS server will issue TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the implication that sessions cannot be resumed across hot restarts or on different hosts.
bool disable_stateless_session_resumption = 7;
- Returns:
- The disableStatelessSessionResumption.
-
getDisableStatefulSessionResumption
boolean getDisableStatefulSessionResumption()If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is relevant only for TLSv1.2 and earlier.)
bool disable_stateful_session_resumption = 10;
- Returns:
- The disableStatefulSessionResumption.
-
hasSessionTimeout
boolean hasSessionTimeout()If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
- Returns:
- Whether the sessionTimeout field is set.
-
getSessionTimeout
com.google.protobuf.Duration getSessionTimeout()If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
- Returns:
- The sessionTimeout.
-
getSessionTimeoutOrBuilder
com.google.protobuf.DurationOrBuilder getSessionTimeoutOrBuilder()If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
-
getOcspStaplePolicyValue
int getOcspStaplePolicyValue()Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime. Defaults to LENIENT_STAPLING
.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
- Returns:
- The enum numeric value on the wire for ocspStaplePolicy.
-
getOcspStaplePolicy
DownstreamTlsContext.OcspStaplePolicy getOcspStaplePolicy()Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime. Defaults to LENIENT_STAPLING
.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
- Returns:
- The ocspStaplePolicy.
-
hasFullScanCertsOnSniMismatch
boolean hasFullScanCertsOnSniMismatch()Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
- Returns:
- Whether the fullScanCertsOnSniMismatch field is set.
-
getFullScanCertsOnSniMismatch
com.google.protobuf.BoolValue getFullScanCertsOnSniMismatch()Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
- Returns:
- The fullScanCertsOnSniMismatch.
-
getFullScanCertsOnSniMismatchOrBuilder
com.google.protobuf.BoolValueOrBuilder getFullScanCertsOnSniMismatchOrBuilder()Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
-
getSessionTicketKeysTypeCase
DownstreamTlsContext.SessionTicketKeysTypeCase getSessionTicketKeysTypeCase()
-