Package io.envoyproxy.envoy.api.v2.auth

Interface TlsParametersOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
TlsParameters, TlsParameters.Builder
public interface TlsParametersOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    getCipherSuites(int index)
    If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
    com.google.protobuf.ByteString
    getCipherSuitesBytes(int index)
    If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
    int
    getCipherSuitesCount()
    If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
    List<String>
    getCipherSuitesList()
    If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
    String
    getEcdhCurves(int index)
    If specified, the TLS connection will only support the specified ECDH curves.
    com.google.protobuf.ByteString
    getEcdhCurvesBytes(int index)
    If specified, the TLS connection will only support the specified ECDH curves.
    int
    getEcdhCurvesCount()
    If specified, the TLS connection will only support the specified ECDH curves.
    List<String>
    getEcdhCurvesList()
    If specified, the TLS connection will only support the specified ECDH curves.
    TlsParameters.TlsProtocol
    getTlsMaximumProtocolVersion()
    Maximum TLS protocol version.
    int
    getTlsMaximumProtocolVersionValue()
    Maximum TLS protocol version.
    TlsParameters.TlsProtocol
    getTlsMinimumProtocolVersion()
    Minimum TLS protocol version.
    int
    getTlsMinimumProtocolVersionValue()
    Minimum TLS protocol version.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

  • Method Details

    • getTlsMinimumProtocolVersionValue

      int getTlsMinimumProtocolVersionValue()
       Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
      .envoy.api.v2.auth.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
      Returns:
      The enum numeric value on the wire for tlsMinimumProtocolVersion.

    • getTlsMinimumProtocolVersion

      TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
       Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
      .envoy.api.v2.auth.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
      Returns:
      The tlsMinimumProtocolVersion.

    • getTlsMaximumProtocolVersionValue

      int getTlsMaximumProtocolVersionValue()
       Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
      .envoy.api.v2.auth.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
      Returns:
      The enum numeric value on the wire for tlsMaximumProtocolVersion.

    • getTlsMaximumProtocolVersion

      TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
       Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
      .envoy.api.v2.auth.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
      Returns:
      The tlsMaximumProtocolVersion.

    • getCipherSuitesList

      List<String> getCipherSuitesList()
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
 specified, the default list will be used.

 In non-FIPS builds, the default cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA
      repeated string cipher_suites = 3;
      Returns:
      A list containing the cipherSuites.

    • getCipherSuitesCount

      int getCipherSuitesCount()
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
 specified, the default list will be used.

 In non-FIPS builds, the default cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA
      repeated string cipher_suites = 3;
      Returns:
      The count of cipherSuites.

    • getCipherSuites

      String getCipherSuites(int index)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
 specified, the default list will be used.

 In non-FIPS builds, the default cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA
      repeated string cipher_suites = 3;
      Parameters:
      index - The index of the element to return.
      Returns:
      The cipherSuites at the given index.

    • getCipherSuitesBytes

      com.google.protobuf.ByteString getCipherSuitesBytes(int index)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
 specified, the default list will be used.

 In non-FIPS builds, the default cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES128-SHA
   ECDHE-RSA-AES128-SHA
   AES128-GCM-SHA256
   AES128-SHA
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
   ECDHE-ECDSA-AES256-SHA
   ECDHE-RSA-AES256-SHA
   AES256-GCM-SHA384
   AES256-SHA
      repeated string cipher_suites = 3;
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the cipherSuites at the given index.

    • getEcdhCurvesList

      List<String> getEcdhCurvesList()
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Returns:
      A list containing the ecdhCurves.

    • getEcdhCurvesCount

      int getEcdhCurvesCount()
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Returns:
      The count of ecdhCurves.

    • getEcdhCurves

      String getEcdhCurves(int index)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Parameters:
      index - The index of the element to return.
      Returns:
      The ecdhCurves at the given index.

    • getEcdhCurvesBytes

      com.google.protobuf.ByteString getEcdhCurvesBytes(int index)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the ecdhCurves at the given index.