Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class DownstreamTlsContext.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderT>
com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>
io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, DownstreamTlsContextOrBuilder, Cloneable
Enclosing class:
DownstreamTlsContext
public static final class DownstreamTlsContext.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder> implements DownstreamTlsContextOrBuilder
 [#next-free-field: 12]
Protobuf type envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • clear

      public DownstreamTlsContext.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • getDefaultInstanceForType

      public DownstreamTlsContext getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public DownstreamTlsContext build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public DownstreamTlsContext buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public DownstreamTlsContext.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • setField

      public DownstreamTlsContext.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • clearField

      public DownstreamTlsContext.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • clearOneof

      public DownstreamTlsContext.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • setRepeatedField

      public DownstreamTlsContext.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • addRepeatedField

      public DownstreamTlsContext.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • mergeFrom

      public DownstreamTlsContext.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<DownstreamTlsContext.Builder>

    • mergeFrom

      public DownstreamTlsContext.Builder mergeFrom(DownstreamTlsContext other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • mergeFrom

      public DownstreamTlsContext.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<DownstreamTlsContext.Builder>
      Throws:
      IOException

    • getSessionTicketKeysTypeCase

      public DownstreamTlsContext.SessionTicketKeysTypeCase getSessionTicketKeysTypeCase()
      Specified by:
      getSessionTicketKeysTypeCase in interface DownstreamTlsContextOrBuilder

    • clearSessionTicketKeysType

      public DownstreamTlsContext.Builder clearSessionTicketKeysType()

    • hasCommonTlsContext

      public boolean hasCommonTlsContext()
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      hasCommonTlsContext in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the commonTlsContext field is set.

    • getCommonTlsContext

      public CommonTlsContext getCommonTlsContext()
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContext in interface DownstreamTlsContextOrBuilder
      Returns:
      The commonTlsContext.

    • setCommonTlsContext

      public DownstreamTlsContext.Builder setCommonTlsContext(CommonTlsContext value)
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • setCommonTlsContext

      public DownstreamTlsContext.Builder setCommonTlsContext(CommonTlsContext.Builder builderForValue)
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • mergeCommonTlsContext

      public DownstreamTlsContext.Builder mergeCommonTlsContext(CommonTlsContext value)
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • clearCommonTlsContext

      public DownstreamTlsContext.Builder clearCommonTlsContext()
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • getCommonTlsContextBuilder

      public CommonTlsContext.Builder getCommonTlsContextBuilder()
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • getCommonTlsContextOrBuilder

      public CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
       Common TLS context settings.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContextOrBuilder in interface DownstreamTlsContextOrBuilder

    • hasRequireClientCertificate

      public boolean hasRequireClientCertificate()
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;
      Specified by:
      hasRequireClientCertificate in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the requireClientCertificate field is set.

    • getRequireClientCertificate

      public com.google.protobuf.BoolValue getRequireClientCertificate()
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;
      Specified by:
      getRequireClientCertificate in interface DownstreamTlsContextOrBuilder
      Returns:
      The requireClientCertificate.

    • setRequireClientCertificate

      public DownstreamTlsContext.Builder setRequireClientCertificate(com.google.protobuf.BoolValue value)
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;

    • setRequireClientCertificate

      public DownstreamTlsContext.Builder setRequireClientCertificate(com.google.protobuf.BoolValue.Builder builderForValue)
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;

    • mergeRequireClientCertificate

      public DownstreamTlsContext.Builder mergeRequireClientCertificate(com.google.protobuf.BoolValue value)
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;

    • clearRequireClientCertificate

      public DownstreamTlsContext.Builder clearRequireClientCertificate()
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;

    • getRequireClientCertificateBuilder

      public com.google.protobuf.BoolValue.Builder getRequireClientCertificateBuilder()
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;

    • getRequireClientCertificateOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getRequireClientCertificateOrBuilder()
       If specified, Envoy will reject connections without a valid client
 certificate.
      .google.protobuf.BoolValue require_client_certificate = 2;
      Specified by:
      getRequireClientCertificateOrBuilder in interface DownstreamTlsContextOrBuilder

    • hasRequireSni

      public boolean hasRequireSni()
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;
      Specified by:
      hasRequireSni in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the requireSni field is set.

    • getRequireSni

      public com.google.protobuf.BoolValue getRequireSni()
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;
      Specified by:
      getRequireSni in interface DownstreamTlsContextOrBuilder
      Returns:
      The requireSni.

    • setRequireSni

      public DownstreamTlsContext.Builder setRequireSni(com.google.protobuf.BoolValue value)
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;

    • setRequireSni

      public DownstreamTlsContext.Builder setRequireSni(com.google.protobuf.BoolValue.Builder builderForValue)
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;

    • mergeRequireSni

      public DownstreamTlsContext.Builder mergeRequireSni(com.google.protobuf.BoolValue value)
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;

    • clearRequireSni

      public DownstreamTlsContext.Builder clearRequireSni()
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;

    • getRequireSniBuilder

      public com.google.protobuf.BoolValue.Builder getRequireSniBuilder()
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;

    • getRequireSniOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getRequireSniOrBuilder()
       If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
      .google.protobuf.BoolValue require_sni = 3;
      Specified by:
      getRequireSniOrBuilder in interface DownstreamTlsContextOrBuilder

    • hasSessionTicketKeys

      public boolean hasSessionTicketKeys()
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      Specified by:
      hasSessionTicketKeys in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the sessionTicketKeys field is set.

    • getSessionTicketKeys

      public TlsSessionTicketKeys getSessionTicketKeys()
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      Specified by:
      getSessionTicketKeys in interface DownstreamTlsContextOrBuilder
      Returns:
      The sessionTicketKeys.

    • setSessionTicketKeys

      public DownstreamTlsContext.Builder setSessionTicketKeys(TlsSessionTicketKeys value)
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;

    • setSessionTicketKeys

      public DownstreamTlsContext.Builder setSessionTicketKeys(TlsSessionTicketKeys.Builder builderForValue)
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;

    • mergeSessionTicketKeys

      public DownstreamTlsContext.Builder mergeSessionTicketKeys(TlsSessionTicketKeys value)
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;

    • clearSessionTicketKeys

      public DownstreamTlsContext.Builder clearSessionTicketKeys()
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;

    • getSessionTicketKeysBuilder

      public TlsSessionTicketKeys.Builder getSessionTicketKeysBuilder()
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;

    • getSessionTicketKeysOrBuilder

      public TlsSessionTicketKeysOrBuilder getSessionTicketKeysOrBuilder()
       TLS session ticket key settings.
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      Specified by:
      getSessionTicketKeysOrBuilder in interface DownstreamTlsContextOrBuilder

    • hasSessionTicketKeysSdsSecretConfig

      public boolean hasSessionTicketKeysSdsSecretConfig()
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      Specified by:
      hasSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the sessionTicketKeysSdsSecretConfig field is set.

    • getSessionTicketKeysSdsSecretConfig

      public SdsSecretConfig getSessionTicketKeysSdsSecretConfig()
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      Specified by:
      getSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
      Returns:
      The sessionTicketKeysSdsSecretConfig.

    • setSessionTicketKeysSdsSecretConfig

      public DownstreamTlsContext.Builder setSessionTicketKeysSdsSecretConfig(SdsSecretConfig value)
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;

    • setSessionTicketKeysSdsSecretConfig

      public DownstreamTlsContext.Builder setSessionTicketKeysSdsSecretConfig(SdsSecretConfig.Builder builderForValue)
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;

    • mergeSessionTicketKeysSdsSecretConfig

      public DownstreamTlsContext.Builder mergeSessionTicketKeysSdsSecretConfig(SdsSecretConfig value)
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;

    • clearSessionTicketKeysSdsSecretConfig

      public DownstreamTlsContext.Builder clearSessionTicketKeysSdsSecretConfig()
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;

    • getSessionTicketKeysSdsSecretConfigBuilder

      public SdsSecretConfig.Builder getSessionTicketKeysSdsSecretConfigBuilder()
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;

    • getSessionTicketKeysSdsSecretConfigOrBuilder

      public SdsSecretConfigOrBuilder getSessionTicketKeysSdsSecretConfigOrBuilder()
       Config for fetching TLS session ticket keys via SDS API.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      Specified by:
      getSessionTicketKeysSdsSecretConfigOrBuilder in interface DownstreamTlsContextOrBuilder

    • hasDisableStatelessSessionResumption

      public boolean hasDisableStatelessSessionResumption()
       Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
 server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
 If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
 the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
 If this config is set to false and no keys are explicitly configured, the TLS server will issue
 TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
 implication that sessions cannot be resumed across hot restarts or on different hosts.
      bool disable_stateless_session_resumption = 7;
      Specified by:
      hasDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the disableStatelessSessionResumption field is set.

    • getDisableStatelessSessionResumption

      public boolean getDisableStatelessSessionResumption()
       Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
 server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
 If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
 the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
 If this config is set to false and no keys are explicitly configured, the TLS server will issue
 TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
 implication that sessions cannot be resumed across hot restarts or on different hosts.
      bool disable_stateless_session_resumption = 7;
      Specified by:
      getDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
      Returns:
      The disableStatelessSessionResumption.

    • setDisableStatelessSessionResumption

      public DownstreamTlsContext.Builder setDisableStatelessSessionResumption(boolean value)
       Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
 server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
 If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
 the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
 If this config is set to false and no keys are explicitly configured, the TLS server will issue
 TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
 implication that sessions cannot be resumed across hot restarts or on different hosts.
      bool disable_stateless_session_resumption = 7;
      Parameters:
      value - The disableStatelessSessionResumption to set.
      Returns:
      This builder for chaining.

    • clearDisableStatelessSessionResumption

      public DownstreamTlsContext.Builder clearDisableStatelessSessionResumption()
       Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
 server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
 If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
 the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
 If this config is set to false and no keys are explicitly configured, the TLS server will issue
 TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
 implication that sessions cannot be resumed across hot restarts or on different hosts.
      bool disable_stateless_session_resumption = 7;
      Returns:
      This builder for chaining.

    • getDisableStatefulSessionResumption

      public boolean getDisableStatefulSessionResumption()
       If ``true``, the TLS server will not maintain a session cache of TLS sessions.

 .. note::
   This applies only to TLSv1.2 and earlier.
      bool disable_stateful_session_resumption = 10;
      Specified by:
      getDisableStatefulSessionResumption in interface DownstreamTlsContextOrBuilder
      Returns:
      The disableStatefulSessionResumption.

    • setDisableStatefulSessionResumption

      public DownstreamTlsContext.Builder setDisableStatefulSessionResumption(boolean value)
       If ``true``, the TLS server will not maintain a session cache of TLS sessions.

 .. note::
   This applies only to TLSv1.2 and earlier.
      bool disable_stateful_session_resumption = 10;
      Parameters:
      value - The disableStatefulSessionResumption to set.
      Returns:
      This builder for chaining.

    • clearDisableStatefulSessionResumption

      public DownstreamTlsContext.Builder clearDisableStatefulSessionResumption()
       If ``true``, the TLS server will not maintain a session cache of TLS sessions.

 .. note::
   This applies only to TLSv1.2 and earlier.
      bool disable_stateful_session_resumption = 10;
      Returns:
      This builder for chaining.

    • hasSessionTimeout

      public boolean hasSessionTimeout()
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      Specified by:
      hasSessionTimeout in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the sessionTimeout field is set.

    • getSessionTimeout

      public com.google.protobuf.Duration getSessionTimeout()
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      Specified by:
      getSessionTimeout in interface DownstreamTlsContextOrBuilder
      Returns:
      The sessionTimeout.

    • setSessionTimeout

      public DownstreamTlsContext.Builder setSessionTimeout(com.google.protobuf.Duration value)
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }

    • setSessionTimeout

      public DownstreamTlsContext.Builder setSessionTimeout(com.google.protobuf.Duration.Builder builderForValue)
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }

    • mergeSessionTimeout

      public DownstreamTlsContext.Builder mergeSessionTimeout(com.google.protobuf.Duration value)
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }

    • clearSessionTimeout

      public DownstreamTlsContext.Builder clearSessionTimeout()
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }

    • getSessionTimeoutBuilder

      public com.google.protobuf.Duration.Builder getSessionTimeoutBuilder()
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }

    • getSessionTimeoutOrBuilder

      public com.google.protobuf.DurationOrBuilder getSessionTimeoutOrBuilder()
       Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
 of the TLS session.

 This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only whole seconds are considered; fractional seconds are ignored.
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      Specified by:
      getSessionTimeoutOrBuilder in interface DownstreamTlsContextOrBuilder

    • getOcspStaplePolicyValue

      public int getOcspStaplePolicyValue()
       Configuration for handling certificates without an OCSP response or with expired responses.

 Defaults to ``LENIENT_STAPLING``
      .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
      Specified by:
      getOcspStaplePolicyValue in interface DownstreamTlsContextOrBuilder
      Returns:
      The enum numeric value on the wire for ocspStaplePolicy.

    • setOcspStaplePolicyValue

      public DownstreamTlsContext.Builder setOcspStaplePolicyValue(int value)
       Configuration for handling certificates without an OCSP response or with expired responses.

 Defaults to ``LENIENT_STAPLING``
      .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
      Parameters:
      value - The enum numeric value on the wire for ocspStaplePolicy to set.
      Returns:
      This builder for chaining.

    • getOcspStaplePolicy

      public DownstreamTlsContext.OcspStaplePolicy getOcspStaplePolicy()
       Configuration for handling certificates without an OCSP response or with expired responses.

 Defaults to ``LENIENT_STAPLING``
      .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
      Specified by:
      getOcspStaplePolicy in interface DownstreamTlsContextOrBuilder
      Returns:
      The ocspStaplePolicy.

    • setOcspStaplePolicy

      public DownstreamTlsContext.Builder setOcspStaplePolicy(DownstreamTlsContext.OcspStaplePolicy value)
       Configuration for handling certificates without an OCSP response or with expired responses.

 Defaults to ``LENIENT_STAPLING``
      .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
      Parameters:
      value - The ocspStaplePolicy to set.
      Returns:
      This builder for chaining.

    • clearOcspStaplePolicy

      public DownstreamTlsContext.Builder clearOcspStaplePolicy()
       Configuration for handling certificates without an OCSP response or with expired responses.

 Defaults to ``LENIENT_STAPLING``
      .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
      Returns:
      This builder for chaining.

    • hasFullScanCertsOnSniMismatch

      public boolean hasFullScanCertsOnSniMismatch()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      Specified by:
      hasFullScanCertsOnSniMismatch in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the fullScanCertsOnSniMismatch field is set.

    • getFullScanCertsOnSniMismatch

      public com.google.protobuf.BoolValue getFullScanCertsOnSniMismatch()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      Specified by:
      getFullScanCertsOnSniMismatch in interface DownstreamTlsContextOrBuilder
      Returns:
      The fullScanCertsOnSniMismatch.

    • setFullScanCertsOnSniMismatch

      public DownstreamTlsContext.Builder setFullScanCertsOnSniMismatch(com.google.protobuf.BoolValue value)
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;

    • setFullScanCertsOnSniMismatch

      public DownstreamTlsContext.Builder setFullScanCertsOnSniMismatch(com.google.protobuf.BoolValue.Builder builderForValue)
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;

    • mergeFullScanCertsOnSniMismatch

      public DownstreamTlsContext.Builder mergeFullScanCertsOnSniMismatch(com.google.protobuf.BoolValue value)
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;

    • clearFullScanCertsOnSniMismatch

      public DownstreamTlsContext.Builder clearFullScanCertsOnSniMismatch()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;

    • getFullScanCertsOnSniMismatchBuilder

      public com.google.protobuf.BoolValue.Builder getFullScanCertsOnSniMismatchBuilder()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;

    • getFullScanCertsOnSniMismatchOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getFullScanCertsOnSniMismatchOrBuilder()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
 This option controls the behavior when no matching certificate is found for the received SNI value,
 or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
 such as key type and OCSP settings. If disabled, the first provided certificate will be used.
 Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      Specified by:
      getFullScanCertsOnSniMismatchOrBuilder in interface DownstreamTlsContextOrBuilder

    • getPreferClientCiphers

      public boolean getPreferClientCiphers()
       If ``true``, the downstream client's preferred cipher is used during the handshake. If ``false``, Envoy
 uses its preferred cipher.

 .. note::
   This has no effect when using TLSv1_3.
      bool prefer_client_ciphers = 11;
      Specified by:
      getPreferClientCiphers in interface DownstreamTlsContextOrBuilder
      Returns:
      The preferClientCiphers.

    • setPreferClientCiphers

      public DownstreamTlsContext.Builder setPreferClientCiphers(boolean value)
       If ``true``, the downstream client's preferred cipher is used during the handshake. If ``false``, Envoy
 uses its preferred cipher.

 .. note::
   This has no effect when using TLSv1_3.
      bool prefer_client_ciphers = 11;
      Parameters:
      value - The preferClientCiphers to set.
      Returns:
      This builder for chaining.

    • clearPreferClientCiphers

      public DownstreamTlsContext.Builder clearPreferClientCiphers()
       If ``true``, the downstream client's preferred cipher is used during the handshake. If ``false``, Envoy
 uses its preferred cipher.

 .. note::
   This has no effect when using TLSv1_3.
      bool prefer_client_ciphers = 11;
      Returns:
      This builder for chaining.

    • setUnknownFields

      public final DownstreamTlsContext.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>

    • mergeUnknownFields

      public final DownstreamTlsContext.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<DownstreamTlsContext.Builder>