Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Interface UpstreamTlsContextOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    UpstreamTlsContext, UpstreamTlsContext.Builder
    public interface UpstreamTlsContextOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      boolean getAllowRenegotiation()
      If true, server-initiated TLS renegotiation will be allowed.
      CommonTlsContext getCommonTlsContext()
      Common TLS context settings.
      CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
      Common TLS context settings.
      com.google.protobuf.BoolValue getEnforceRsaKeyUsage()
      This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension is present and incompatible with the TLS usage.
      com.google.protobuf.BoolValueOrBuilder getEnforceRsaKeyUsageOrBuilder()
      This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension is present and incompatible with the TLS usage.
      com.google.protobuf.UInt32Value getMaxSessionKeys()
      Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets for TLSv1.2 and older) to store for the purpose of session resumption.
      com.google.protobuf.UInt32ValueOrBuilder getMaxSessionKeysOrBuilder()
      Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets for TLSv1.2 and older) to store for the purpose of session resumption.
      java.lang.String getSni()
      SNI string to use when creating TLS backend connections.
      com.google.protobuf.ByteString getSniBytes()
      SNI string to use when creating TLS backend connections.
      boolean hasCommonTlsContext()
      Common TLS context settings.
      boolean hasEnforceRsaKeyUsage()
      This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension is present and incompatible with the TLS usage.
      boolean hasMaxSessionKeys()
      Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets for TLSv1.2 and older) to store for the purpose of session resumption.

      • Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

        isInitialized

      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

    • Method Detail

      • hasCommonTlsContext

        boolean hasCommonTlsContext()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Returns:
        Whether the commonTlsContext field is set.

      • getCommonTlsContext

        CommonTlsContext getCommonTlsContext()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Returns:
        The commonTlsContext.

      • getCommonTlsContextOrBuilder

        CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

      • getSni

        java.lang.String getSni()
         SNI string to use when creating TLS backend connections.
        string sni = 2 [(.validate.rules) = { ... }
        Returns:
        The sni.

      • getSniBytes

        com.google.protobuf.ByteString getSniBytes()
         SNI string to use when creating TLS backend connections.
        string sni = 2 [(.validate.rules) = { ... }
        Returns:
        The bytes for sni.

      • getAllowRenegotiation

        boolean getAllowRenegotiation()
         If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

 TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
        bool allow_renegotiation = 3;
        Returns:
        The allowRenegotiation.

      • hasMaxSessionKeys

        boolean hasMaxSessionKeys()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;
        Returns:
        Whether the maxSessionKeys field is set.

      • getMaxSessionKeys

        com.google.protobuf.UInt32Value getMaxSessionKeys()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;
        Returns:
        The maxSessionKeys.

      • getMaxSessionKeysOrBuilder

        com.google.protobuf.UInt32ValueOrBuilder getMaxSessionKeysOrBuilder()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;

      • hasEnforceRsaKeyUsage

        boolean hasEnforceRsaKeyUsage()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
        Returns:
        Whether the enforceRsaKeyUsage field is set.

      • getEnforceRsaKeyUsage

        com.google.protobuf.BoolValue getEnforceRsaKeyUsage()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
        Returns:
        The enforceRsaKeyUsage.

      • getEnforceRsaKeyUsageOrBuilder

        com.google.protobuf.BoolValueOrBuilder getEnforceRsaKeyUsageOrBuilder()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;