Interface TlsInspectorOrBuilder
- All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder,com.google.protobuf.MessageOrBuilder
- All Known Implementing Classes:
TlsInspector,TlsInspector.Builder
public interface TlsInspectorOrBuilder
extends com.google.protobuf.MessageOrBuilder
-
Method Summary
Modifier and TypeMethodDescriptionbooleanClose connection when TLS ClientHello message could not be parsed.com.google.protobuf.BoolValuePopulate ``JA3`` fingerprint hash using data from the TLS Client Hello packet.com.google.protobuf.BoolValueOrBuilderPopulate ``JA3`` fingerprint hash using data from the TLS Client Hello packet.com.google.protobuf.BoolValuePopulate ``JA4`` fingerprint hash using data from the TLS Client Hello packet.com.google.protobuf.BoolValueOrBuilderPopulate ``JA4`` fingerprint hash using data from the TLS Client Hello packet.com.google.protobuf.UInt32ValueThe size in bytes of the initial buffer requested by the tls_inspector.com.google.protobuf.UInt32ValueOrBuilderThe size in bytes of the initial buffer requested by the tls_inspector.com.google.protobuf.UInt32ValueThe maximum size in bytes of the ClientHello that the tls_inspector will process.com.google.protobuf.UInt32ValueOrBuilderThe maximum size in bytes of the ClientHello that the tls_inspector will process.booleanPopulate ``JA3`` fingerprint hash using data from the TLS Client Hello packet.booleanPopulate ``JA4`` fingerprint hash using data from the TLS Client Hello packet.booleanThe size in bytes of the initial buffer requested by the tls_inspector.booleanThe maximum size in bytes of the ClientHello that the tls_inspector will process.Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder
isInitializedMethods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
-
Method Details
-
hasEnableJa3Fingerprinting
boolean hasEnableJa3Fingerprinting()Populate ``JA3`` fingerprint hash using data from the TLS Client Hello packet. Default is false.
.google.protobuf.BoolValue enable_ja3_fingerprinting = 1;- Returns:
- Whether the enableJa3Fingerprinting field is set.
-
getEnableJa3Fingerprinting
com.google.protobuf.BoolValue getEnableJa3Fingerprinting()Populate ``JA3`` fingerprint hash using data from the TLS Client Hello packet. Default is false.
.google.protobuf.BoolValue enable_ja3_fingerprinting = 1;- Returns:
- The enableJa3Fingerprinting.
-
getEnableJa3FingerprintingOrBuilder
com.google.protobuf.BoolValueOrBuilder getEnableJa3FingerprintingOrBuilder()Populate ``JA3`` fingerprint hash using data from the TLS Client Hello packet. Default is false.
.google.protobuf.BoolValue enable_ja3_fingerprinting = 1; -
hasEnableJa4Fingerprinting
boolean hasEnableJa4Fingerprinting()Populate ``JA4`` fingerprint hash using data from the TLS Client Hello packet. ``JA4`` is an improved version of ``JA3`` that includes TLS version, ciphers, extensions, and ALPN information in a hex format. Default is false.
.google.protobuf.BoolValue enable_ja4_fingerprinting = 3;- Returns:
- Whether the enableJa4Fingerprinting field is set.
-
getEnableJa4Fingerprinting
com.google.protobuf.BoolValue getEnableJa4Fingerprinting()Populate ``JA4`` fingerprint hash using data from the TLS Client Hello packet. ``JA4`` is an improved version of ``JA3`` that includes TLS version, ciphers, extensions, and ALPN information in a hex format. Default is false.
.google.protobuf.BoolValue enable_ja4_fingerprinting = 3;- Returns:
- The enableJa4Fingerprinting.
-
getEnableJa4FingerprintingOrBuilder
com.google.protobuf.BoolValueOrBuilder getEnableJa4FingerprintingOrBuilder()Populate ``JA4`` fingerprint hash using data from the TLS Client Hello packet. ``JA4`` is an improved version of ``JA3`` that includes TLS version, ciphers, extensions, and ALPN information in a hex format. Default is false.
.google.protobuf.BoolValue enable_ja4_fingerprinting = 3; -
hasInitialReadBufferSize
boolean hasInitialReadBufferSize()The size in bytes of the initial buffer requested by the tls_inspector. If the filter needs to read additional bytes from the socket, the filter will double the buffer up to it's default maximum of 16KiB. If this size is not defined, defaults to maximum 16KiB that the tls inspector will consume.
.google.protobuf.UInt32Value initial_read_buffer_size = 2 [(.validate.rules) = { ... }- Returns:
- Whether the initialReadBufferSize field is set.
-
getInitialReadBufferSize
com.google.protobuf.UInt32Value getInitialReadBufferSize()The size in bytes of the initial buffer requested by the tls_inspector. If the filter needs to read additional bytes from the socket, the filter will double the buffer up to it's default maximum of 16KiB. If this size is not defined, defaults to maximum 16KiB that the tls inspector will consume.
.google.protobuf.UInt32Value initial_read_buffer_size = 2 [(.validate.rules) = { ... }- Returns:
- The initialReadBufferSize.
-
getInitialReadBufferSizeOrBuilder
com.google.protobuf.UInt32ValueOrBuilder getInitialReadBufferSizeOrBuilder()The size in bytes of the initial buffer requested by the tls_inspector. If the filter needs to read additional bytes from the socket, the filter will double the buffer up to it's default maximum of 16KiB. If this size is not defined, defaults to maximum 16KiB that the tls inspector will consume.
.google.protobuf.UInt32Value initial_read_buffer_size = 2 [(.validate.rules) = { ... } -
getCloseConnectionOnClientHelloParsingErrors
boolean getCloseConnectionOnClientHelloParsingErrors()Close connection when TLS ClientHello message could not be parsed. This flag should be enabled only if it is known that incoming connections are expected to use TLS protocol, as Envoy does not distinguish between a plain text message or a malformed TLS ClientHello message. By default this flag is false and TLS ClientHello parsing errors are interpreted as a plain text connection. Setting this to true will cause connections to be terminated and the ``client_hello_too_large`` counter to be incremented if the ClientHello message is over implementation defined limit (currently 16Kb).
bool close_connection_on_client_hello_parsing_errors = 4;- Returns:
- The closeConnectionOnClientHelloParsingErrors.
-
hasMaxClientHelloSize
boolean hasMaxClientHelloSize()The maximum size in bytes of the ClientHello that the tls_inspector will process. If the ClientHello is larger than this size, the tls_inspector will stop processing and indicate failure. If not defined, defaults to 16KiB.
.google.protobuf.UInt32Value max_client_hello_size = 5 [(.validate.rules) = { ... }- Returns:
- Whether the maxClientHelloSize field is set.
-
getMaxClientHelloSize
com.google.protobuf.UInt32Value getMaxClientHelloSize()The maximum size in bytes of the ClientHello that the tls_inspector will process. If the ClientHello is larger than this size, the tls_inspector will stop processing and indicate failure. If not defined, defaults to 16KiB.
.google.protobuf.UInt32Value max_client_hello_size = 5 [(.validate.rules) = { ... }- Returns:
- The maxClientHelloSize.
-
getMaxClientHelloSizeOrBuilder
com.google.protobuf.UInt32ValueOrBuilder getMaxClientHelloSizeOrBuilder()The maximum size in bytes of the ClientHello that the tls_inspector will process. If the ClientHello is larger than this size, the tls_inspector will stop processing and indicate failure. If not defined, defaults to 16KiB.
.google.protobuf.UInt32Value max_client_hello_size = 5 [(.validate.rules) = { ... }
-