Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class TlsParameters.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TlsParametersOrBuilder, java.lang.Cloneable
    Enclosing class:
    TlsParameters
    public static final class TlsParameters.Builder
extends com.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>
implements TlsParametersOrBuilder
     [#next-free-field: 6]
    Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsParameters

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private Builder()  
      private Builder​(com.google.protobuf.AbstractMessage.BuilderParent parent)  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      TlsParameters.Builder addAllCipherSuites​(java.lang.Iterable<java.lang.String> values)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      TlsParameters.Builder addAllEcdhCurves​(java.lang.Iterable<java.lang.String> values)
      If specified, the TLS connection will only support the specified ECDH curves.
      TlsParameters.Builder addAllSignatureAlgorithms​(java.lang.Iterable<java.lang.String> values)
      If specified, the TLS connection will only support the specified signature algorithms.
      TlsParameters.Builder addCipherSuites​(java.lang.String value)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      TlsParameters.Builder addCipherSuitesBytes​(com.google.protobuf.ByteString value)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      TlsParameters.Builder addEcdhCurves​(java.lang.String value)
      If specified, the TLS connection will only support the specified ECDH curves.
      TlsParameters.Builder addEcdhCurvesBytes​(com.google.protobuf.ByteString value)
      If specified, the TLS connection will only support the specified ECDH curves.
      TlsParameters.Builder addSignatureAlgorithms​(java.lang.String value)
      If specified, the TLS connection will only support the specified signature algorithms.
      TlsParameters.Builder addSignatureAlgorithmsBytes​(com.google.protobuf.ByteString value)
      If specified, the TLS connection will only support the specified signature algorithms.
      TlsParameters build()  
      TlsParameters buildPartial()  
      private void buildPartial0​(TlsParameters result)  
      TlsParameters.Builder clear()  
      TlsParameters.Builder clearCipherSuites()
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      TlsParameters.Builder clearEcdhCurves()
      If specified, the TLS connection will only support the specified ECDH curves.
      TlsParameters.Builder clearSignatureAlgorithms()
      If specified, the TLS connection will only support the specified signature algorithms.
      TlsParameters.Builder clearTlsMaximumProtocolVersion()
      Maximum TLS protocol version.
      TlsParameters.Builder clearTlsMinimumProtocolVersion()
      Minimum TLS protocol version.
      private void ensureCipherSuitesIsMutable()  
      private void ensureEcdhCurvesIsMutable()  
      private void ensureSignatureAlgorithmsIsMutable()  
      java.lang.String getCipherSuites​(int index)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      com.google.protobuf.ByteString getCipherSuitesBytes​(int index)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      int getCipherSuitesCount()
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      com.google.protobuf.ProtocolStringList getCipherSuitesList()
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      TlsParameters getDefaultInstanceForType()  
      static com.google.protobuf.Descriptors.Descriptor getDescriptor()  
      com.google.protobuf.Descriptors.Descriptor getDescriptorForType()  
      java.lang.String getEcdhCurves​(int index)
      If specified, the TLS connection will only support the specified ECDH curves.
      com.google.protobuf.ByteString getEcdhCurvesBytes​(int index)
      If specified, the TLS connection will only support the specified ECDH curves.
      int getEcdhCurvesCount()
      If specified, the TLS connection will only support the specified ECDH curves.
      com.google.protobuf.ProtocolStringList getEcdhCurvesList()
      If specified, the TLS connection will only support the specified ECDH curves.
      java.lang.String getSignatureAlgorithms​(int index)
      If specified, the TLS connection will only support the specified signature algorithms.
      com.google.protobuf.ByteString getSignatureAlgorithmsBytes​(int index)
      If specified, the TLS connection will only support the specified signature algorithms.
      int getSignatureAlgorithmsCount()
      If specified, the TLS connection will only support the specified signature algorithms.
      com.google.protobuf.ProtocolStringList getSignatureAlgorithmsList()
      If specified, the TLS connection will only support the specified signature algorithms.
      TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
      Maximum TLS protocol version.
      int getTlsMaximumProtocolVersionValue()
      Maximum TLS protocol version.
      TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
      Minimum TLS protocol version.
      int getTlsMinimumProtocolVersionValue()
      Minimum TLS protocol version.
      protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()  
      boolean isInitialized()  
      TlsParameters.Builder mergeFrom​(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      TlsParameters.Builder mergeFrom​(com.google.protobuf.Message other)  
      TlsParameters.Builder mergeFrom​(TlsParameters other)  
      TlsParameters.Builder setCipherSuites​(int index, java.lang.String value)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      TlsParameters.Builder setEcdhCurves​(int index, java.lang.String value)
      If specified, the TLS connection will only support the specified ECDH curves.
      TlsParameters.Builder setSignatureAlgorithms​(int index, java.lang.String value)
      If specified, the TLS connection will only support the specified signature algorithms.
      TlsParameters.Builder setTlsMaximumProtocolVersion​(TlsParameters.TlsProtocol value)
      Maximum TLS protocol version.
      TlsParameters.Builder setTlsMaximumProtocolVersionValue​(int value)
      Maximum TLS protocol version.
      TlsParameters.Builder setTlsMinimumProtocolVersion​(TlsParameters.TlsProtocol value)
      Minimum TLS protocol version.
      TlsParameters.Builder setTlsMinimumProtocolVersionValue​(int value)
      Minimum TLS protocol version.

      • Methods inherited from class com.google.protobuf.GeneratedMessage.Builder

        addRepeatedField, clearField, clearOneof, clone, getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, getUnknownFieldSetBuilder, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, internalGetMutableMapField, internalGetMutableMapFieldReflection, isClean, markClean, mergeUnknownFields, mergeUnknownLengthDelimitedField, mergeUnknownVarintField, newBuilderForField, onBuilt, onChanged, parseUnknownField, setField, setRepeatedField, setUnknownFields, setUnknownFieldSetBuilder, setUnknownFieldsProto3

      • Methods inherited from class com.google.protobuf.AbstractMessage.Builder

        findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString

      • Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder

        addAll, addAll, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, newUninitializedMessageException

      • Methods inherited from class java.lang.Object

        equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

      • Methods inherited from interface com.google.protobuf.Message.Builder

        mergeDelimitedFrom, mergeDelimitedFrom

      • Methods inherited from interface com.google.protobuf.MessageLite.Builder

        mergeFrom

      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

    • Field Detail

      • bitField0_

        private int bitField0_

      • tlsMinimumProtocolVersion_

        private int tlsMinimumProtocolVersion_

      • tlsMaximumProtocolVersion_

        private int tlsMaximumProtocolVersion_

      • cipherSuites_

        private com.google.protobuf.LazyStringArrayList cipherSuites_

      • ecdhCurves_

        private com.google.protobuf.LazyStringArrayList ecdhCurves_

      • signatureAlgorithms_

        private com.google.protobuf.LazyStringArrayList signatureAlgorithms_

    • Constructor Detail

      • Builder

        private Builder()

      • Builder

        private Builder​(com.google.protobuf.AbstractMessage.BuilderParent parent)

    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>

      • clear

        public TlsParameters.Builder clear()
        Specified by:
        clear in interface com.google.protobuf.Message.Builder
        Specified by:
        clear in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clear in class com.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>

      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>

      • getDefaultInstanceForType

        public TlsParameters getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

      • build

        public TlsParameters build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder

      • buildPartial

        public TlsParameters buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder

      • buildPartial0

        private void buildPartial0​(TlsParameters result)

      • mergeFrom

        public TlsParameters.Builder mergeFrom​(com.google.protobuf.Message other)
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<TlsParameters.Builder>

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessage.Builder<TlsParameters.Builder>

      • mergeFrom

        public TlsParameters.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                       com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                throws java.io.IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<TlsParameters.Builder>
        Throws:
        java.io.IOException

      • getTlsMinimumProtocolVersionValue

        public int getTlsMinimumProtocolVersionValue()
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

 Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Specified by:
        getTlsMinimumProtocolVersionValue in interface TlsParametersOrBuilder
        Returns:
        The enum numeric value on the wire for tlsMinimumProtocolVersion.

      • setTlsMinimumProtocolVersionValue

        public TlsParameters.Builder setTlsMinimumProtocolVersionValue​(int value)
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

 Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Parameters:
        value - The enum numeric value on the wire for tlsMinimumProtocolVersion to set.
        Returns:
        This builder for chaining.

      • getTlsMinimumProtocolVersion

        public TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

 Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Specified by:
        getTlsMinimumProtocolVersion in interface TlsParametersOrBuilder
        Returns:
        The tlsMinimumProtocolVersion.

      • setTlsMinimumProtocolVersion

        public TlsParameters.Builder setTlsMinimumProtocolVersion​(TlsParameters.TlsProtocol value)
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

 Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Parameters:
        value - The tlsMinimumProtocolVersion to set.
        Returns:
        This builder for chaining.

      • clearTlsMinimumProtocolVersion

        public TlsParameters.Builder clearTlsMinimumProtocolVersion()
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

 Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Returns:
        This builder for chaining.

      • getTlsMaximumProtocolVersionValue

        public int getTlsMaximumProtocolVersionValue()
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Specified by:
        getTlsMaximumProtocolVersionValue in interface TlsParametersOrBuilder
        Returns:
        The enum numeric value on the wire for tlsMaximumProtocolVersion.

      • setTlsMaximumProtocolVersionValue

        public TlsParameters.Builder setTlsMaximumProtocolVersionValue​(int value)
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Parameters:
        value - The enum numeric value on the wire for tlsMaximumProtocolVersion to set.
        Returns:
        This builder for chaining.

      • getTlsMaximumProtocolVersion

        public TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Specified by:
        getTlsMaximumProtocolVersion in interface TlsParametersOrBuilder
        Returns:
        The tlsMaximumProtocolVersion.

      • setTlsMaximumProtocolVersion

        public TlsParameters.Builder setTlsMaximumProtocolVersion​(TlsParameters.TlsProtocol value)
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Parameters:
        value - The tlsMaximumProtocolVersion to set.
        Returns:
        This builder for chaining.

      • clearTlsMaximumProtocolVersion

        public TlsParameters.Builder clearTlsMaximumProtocolVersion()
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Returns:
        This builder for chaining.

      • ensureCipherSuitesIsMutable

        private void ensureCipherSuitesIsMutable()

      • getCipherSuitesList

        public com.google.protobuf.ProtocolStringList getCipherSuitesList()
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Specified by:
        getCipherSuitesList in interface TlsParametersOrBuilder
        Returns:
        A list containing the cipherSuites.

      • getCipherSuitesCount

        public int getCipherSuitesCount()
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Specified by:
        getCipherSuitesCount in interface TlsParametersOrBuilder
        Returns:
        The count of cipherSuites.

      • getCipherSuites

        public java.lang.String getCipherSuites​(int index)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Specified by:
        getCipherSuites in interface TlsParametersOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The cipherSuites at the given index.

      • getCipherSuitesBytes

        public com.google.protobuf.ByteString getCipherSuitesBytes​(int index)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Specified by:
        getCipherSuitesBytes in interface TlsParametersOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the cipherSuites at the given index.

      • setCipherSuites

        public TlsParameters.Builder setCipherSuites​(int index,
                                             java.lang.String value)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Parameters:
        index - The index to set the value at.
        value - The cipherSuites to set.
        Returns:
        This builder for chaining.

      • addCipherSuites

        public TlsParameters.Builder addCipherSuites​(java.lang.String value)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Parameters:
        value - The cipherSuites to add.
        Returns:
        This builder for chaining.

      • addAllCipherSuites

        public TlsParameters.Builder addAllCipherSuites​(java.lang.Iterable<java.lang.String> values)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Parameters:
        values - The cipherSuites to add.
        Returns:
        This builder for chaining.

      • clearCipherSuites

        public TlsParameters.Builder clearCipherSuites()
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Returns:
        This builder for chaining.

      • addCipherSuitesBytes

        public TlsParameters.Builder addCipherSuitesBytes​(com.google.protobuf.ByteString value)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

 [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Parameters:
        value - The bytes of the cipherSuites to add.
        Returns:
        This builder for chaining.

      • ensureEcdhCurvesIsMutable

        private void ensureEcdhCurvesIsMutable()

      • getEcdhCurvesList

        public com.google.protobuf.ProtocolStringList getEcdhCurvesList()
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Specified by:
        getEcdhCurvesList in interface TlsParametersOrBuilder
        Returns:
        A list containing the ecdhCurves.

      • getEcdhCurvesCount

        public int getEcdhCurvesCount()
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Specified by:
        getEcdhCurvesCount in interface TlsParametersOrBuilder
        Returns:
        The count of ecdhCurves.

      • getEcdhCurves

        public java.lang.String getEcdhCurves​(int index)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Specified by:
        getEcdhCurves in interface TlsParametersOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The ecdhCurves at the given index.

      • getEcdhCurvesBytes

        public com.google.protobuf.ByteString getEcdhCurvesBytes​(int index)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Specified by:
        getEcdhCurvesBytes in interface TlsParametersOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the ecdhCurves at the given index.

      • setEcdhCurves

        public TlsParameters.Builder setEcdhCurves​(int index,
                                           java.lang.String value)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Parameters:
        index - The index to set the value at.
        value - The ecdhCurves to set.
        Returns:
        This builder for chaining.

      • addEcdhCurves

        public TlsParameters.Builder addEcdhCurves​(java.lang.String value)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Parameters:
        value - The ecdhCurves to add.
        Returns:
        This builder for chaining.

      • addAllEcdhCurves

        public TlsParameters.Builder addAllEcdhCurves​(java.lang.Iterable<java.lang.String> values)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Parameters:
        values - The ecdhCurves to add.
        Returns:
        This builder for chaining.

      • clearEcdhCurves

        public TlsParameters.Builder clearEcdhCurves()
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Returns:
        This builder for chaining.

      • addEcdhCurvesBytes

        public TlsParameters.Builder addEcdhCurvesBytes​(com.google.protobuf.ByteString value)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

 X25519
 P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

 P-256
        repeated string ecdh_curves = 4;
        Parameters:
        value - The bytes of the ecdhCurves to add.
        Returns:
        This builder for chaining.

      • ensureSignatureAlgorithmsIsMutable

        private void ensureSignatureAlgorithmsIsMutable()

      • getSignatureAlgorithmsList

        public com.google.protobuf.ProtocolStringList getSignatureAlgorithmsList()
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Specified by:
        getSignatureAlgorithmsList in interface TlsParametersOrBuilder
        Returns:
        A list containing the signatureAlgorithms.

      • getSignatureAlgorithmsCount

        public int getSignatureAlgorithmsCount()
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Specified by:
        getSignatureAlgorithmsCount in interface TlsParametersOrBuilder
        Returns:
        The count of signatureAlgorithms.

      • getSignatureAlgorithms

        public java.lang.String getSignatureAlgorithms​(int index)
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Specified by:
        getSignatureAlgorithms in interface TlsParametersOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The signatureAlgorithms at the given index.

      • getSignatureAlgorithmsBytes

        public com.google.protobuf.ByteString getSignatureAlgorithmsBytes​(int index)
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Specified by:
        getSignatureAlgorithmsBytes in interface TlsParametersOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the signatureAlgorithms at the given index.

      • setSignatureAlgorithms

        public TlsParameters.Builder setSignatureAlgorithms​(int index,
                                                    java.lang.String value)
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Parameters:
        index - The index to set the value at.
        value - The signatureAlgorithms to set.
        Returns:
        This builder for chaining.

      • addSignatureAlgorithms

        public TlsParameters.Builder addSignatureAlgorithms​(java.lang.String value)
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Parameters:
        value - The signatureAlgorithms to add.
        Returns:
        This builder for chaining.

      • addAllSignatureAlgorithms

        public TlsParameters.Builder addAllSignatureAlgorithms​(java.lang.Iterable<java.lang.String> values)
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Parameters:
        values - The signatureAlgorithms to add.
        Returns:
        This builder for chaining.

      • clearSignatureAlgorithms

        public TlsParameters.Builder clearSignatureAlgorithms()
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Returns:
        This builder for chaining.

      • addSignatureAlgorithmsBytes

        public TlsParameters.Builder addSignatureAlgorithmsBytes​(com.google.protobuf.ByteString value)
         If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

 ecdsa_secp256r1_sha256
 rsa_pss_rsae_sha256
 rsa_pkcs1_sha256
 ecdsa_secp384r1_sha384
 rsa_pss_rsae_sha384
 rsa_pkcs1_sha384
 rsa_pss_rsae_sha512
 rsa_pkcs1_sha512
 rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

 rsa_pkcs1_sha256
 rsa_pkcs1_sha384
 rsa_pkcs1_sha512
 ecdsa_secp256r1_sha256
 ecdsa_secp384r1_sha384
 ecdsa_secp521r1_sha512
 rsa_pss_rsae_sha256
 rsa_pss_rsae_sha384
 rsa_pss_rsae_sha512
 ed25519
 rsa_pkcs1_sha1
 ecdsa_sha1
        repeated string signature_algorithms = 5;
        Parameters:
        value - The bytes of the signatureAlgorithms to add.
        Returns:
        This builder for chaining.