Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class TlsParameters.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderT>
com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>
io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsParameters.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TlsParametersOrBuilder, Cloneable
Enclosing class:
TlsParameters
public static final class TlsParameters.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder> implements TlsParametersOrBuilder
 [#next-free-field: 7]
Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsParameters

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • clear

      public TlsParameters.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • getDefaultInstanceForType

      public TlsParameters getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public TlsParameters build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public TlsParameters buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public TlsParameters.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • setField

      public TlsParameters.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • clearField

      public TlsParameters.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • clearOneof

      public TlsParameters.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • setRepeatedField

      public TlsParameters.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • addRepeatedField

      public TlsParameters.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • mergeFrom

      public TlsParameters.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<TlsParameters.Builder>

    • mergeFrom

      public TlsParameters.Builder mergeFrom(TlsParameters other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • mergeFrom

      public TlsParameters.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<TlsParameters.Builder>
      Throws:
      IOException

    • getTlsMinimumProtocolVersionValue

      public int getTlsMinimumProtocolVersionValue()
       Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

   Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
      Specified by:
      getTlsMinimumProtocolVersionValue in interface TlsParametersOrBuilder
      Returns:
      The enum numeric value on the wire for tlsMinimumProtocolVersion.

    • setTlsMinimumProtocolVersionValue

      public TlsParameters.Builder setTlsMinimumProtocolVersionValue(int value)
       Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

   Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
      Parameters:
      value - The enum numeric value on the wire for tlsMinimumProtocolVersion to set.
      Returns:
      This builder for chaining.

    • getTlsMinimumProtocolVersion

      public TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
       Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

   Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
      Specified by:
      getTlsMinimumProtocolVersion in interface TlsParametersOrBuilder
      Returns:
      The tlsMinimumProtocolVersion.

    • setTlsMinimumProtocolVersion

      public TlsParameters.Builder setTlsMinimumProtocolVersion(TlsParameters.TlsProtocol value)
       Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

   Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
      Parameters:
      value - The tlsMinimumProtocolVersion to set.
      Returns:
      This builder for chaining.

    • clearTlsMinimumProtocolVersion

      public TlsParameters.Builder clearTlsMinimumProtocolVersion()
       Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.

 TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
 ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.

 .. attention::

   Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
      Returns:
      This builder for chaining.

    • getTlsMaximumProtocolVersionValue

      public int getTlsMaximumProtocolVersionValue()
       Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
      Specified by:
      getTlsMaximumProtocolVersionValue in interface TlsParametersOrBuilder
      Returns:
      The enum numeric value on the wire for tlsMaximumProtocolVersion.

    • setTlsMaximumProtocolVersionValue

      public TlsParameters.Builder setTlsMaximumProtocolVersionValue(int value)
       Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
      Parameters:
      value - The enum numeric value on the wire for tlsMaximumProtocolVersion to set.
      Returns:
      This builder for chaining.

    • getTlsMaximumProtocolVersion

      public TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
       Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
      Specified by:
      getTlsMaximumProtocolVersion in interface TlsParametersOrBuilder
      Returns:
      The tlsMaximumProtocolVersion.

    • setTlsMaximumProtocolVersion

      public TlsParameters.Builder setTlsMaximumProtocolVersion(TlsParameters.TlsProtocol value)
       Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
      Parameters:
      value - The tlsMaximumProtocolVersion to set.
      Returns:
      This builder for chaining.

    • clearTlsMaximumProtocolVersion

      public TlsParameters.Builder clearTlsMaximumProtocolVersion()
       Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
      .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
      Returns:
      This builder for chaining.

    • getCipherSuitesList

      public com.google.protobuf.ProtocolStringList getCipherSuitesList()
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Specified by:
      getCipherSuitesList in interface TlsParametersOrBuilder
      Returns:
      A list containing the cipherSuites.

    • getCipherSuitesCount

      public int getCipherSuitesCount()
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Specified by:
      getCipherSuitesCount in interface TlsParametersOrBuilder
      Returns:
      The count of cipherSuites.

    • getCipherSuites

      public String getCipherSuites(int index)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Specified by:
      getCipherSuites in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The cipherSuites at the given index.

    • getCipherSuitesBytes

      public com.google.protobuf.ByteString getCipherSuitesBytes(int index)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Specified by:
      getCipherSuitesBytes in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the cipherSuites at the given index.

    • setCipherSuites

      public TlsParameters.Builder setCipherSuites(int index, String value)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Parameters:
      index - The index to set the value at.
      value - The cipherSuites to set.
      Returns:
      This builder for chaining.

    • addCipherSuites

      public TlsParameters.Builder addCipherSuites(String value)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Parameters:
      value - The cipherSuites to add.
      Returns:
      This builder for chaining.

    • addAllCipherSuites

      public TlsParameters.Builder addAllCipherSuites(Iterable<String> values)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Parameters:
      values - The cipherSuites to add.
      Returns:
      This builder for chaining.

    • clearCipherSuites

      public TlsParameters.Builder clearCipherSuites()
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Returns:
      This builder for chaining.

    • addCipherSuitesBytes

      public TlsParameters.Builder addCipherSuitesBytes(com.google.protobuf.ByteString value)
       If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.

 In non-FIPS builds, the default server cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In non-FIPS builds, the default client cipher list is:

 .. code-block:: none

   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:

 .. code-block:: none

   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
      repeated string cipher_suites = 3;
      Parameters:
      value - The bytes of the cipherSuites to add.
      Returns:
      This builder for chaining.

    • getEcdhCurvesList

      public com.google.protobuf.ProtocolStringList getEcdhCurvesList()
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Specified by:
      getEcdhCurvesList in interface TlsParametersOrBuilder
      Returns:
      A list containing the ecdhCurves.

    • getEcdhCurvesCount

      public int getEcdhCurvesCount()
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Specified by:
      getEcdhCurvesCount in interface TlsParametersOrBuilder
      Returns:
      The count of ecdhCurves.

    • getEcdhCurves

      public String getEcdhCurves(int index)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Specified by:
      getEcdhCurves in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The ecdhCurves at the given index.

    • getEcdhCurvesBytes

      public com.google.protobuf.ByteString getEcdhCurvesBytes(int index)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Specified by:
      getEcdhCurvesBytes in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the ecdhCurves at the given index.

    • setEcdhCurves

      public TlsParameters.Builder setEcdhCurves(int index, String value)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Parameters:
      index - The index to set the value at.
      value - The ecdhCurves to set.
      Returns:
      This builder for chaining.

    • addEcdhCurves

      public TlsParameters.Builder addEcdhCurves(String value)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Parameters:
      value - The ecdhCurves to add.
      Returns:
      This builder for chaining.

    • addAllEcdhCurves

      public TlsParameters.Builder addAllEcdhCurves(Iterable<String> values)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Parameters:
      values - The ecdhCurves to add.
      Returns:
      This builder for chaining.

    • clearEcdhCurves

      public TlsParameters.Builder clearEcdhCurves()
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Returns:
      This builder for chaining.

    • addEcdhCurvesBytes

      public TlsParameters.Builder addEcdhCurvesBytes(com.google.protobuf.ByteString value)
       If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.

 In non-FIPS builds, the default curves are:

 .. code-block:: none

   X25519
   P-256

 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:

 .. code-block:: none

   P-256
      repeated string ecdh_curves = 4;
      Parameters:
      value - The bytes of the ecdhCurves to add.
      Returns:
      This builder for chaining.

    • getSignatureAlgorithmsList

      public com.google.protobuf.ProtocolStringList getSignatureAlgorithmsList()
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Specified by:
      getSignatureAlgorithmsList in interface TlsParametersOrBuilder
      Returns:
      A list containing the signatureAlgorithms.

    • getSignatureAlgorithmsCount

      public int getSignatureAlgorithmsCount()
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Specified by:
      getSignatureAlgorithmsCount in interface TlsParametersOrBuilder
      Returns:
      The count of signatureAlgorithms.

    • getSignatureAlgorithms

      public String getSignatureAlgorithms(int index)
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Specified by:
      getSignatureAlgorithms in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The signatureAlgorithms at the given index.

    • getSignatureAlgorithmsBytes

      public com.google.protobuf.ByteString getSignatureAlgorithmsBytes(int index)
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Specified by:
      getSignatureAlgorithmsBytes in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the signatureAlgorithms at the given index.

    • setSignatureAlgorithms

      public TlsParameters.Builder setSignatureAlgorithms(int index, String value)
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Parameters:
      index - The index to set the value at.
      value - The signatureAlgorithms to set.
      Returns:
      This builder for chaining.

    • addSignatureAlgorithms

      public TlsParameters.Builder addSignatureAlgorithms(String value)
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Parameters:
      value - The signatureAlgorithms to add.
      Returns:
      This builder for chaining.

    • addAllSignatureAlgorithms

      public TlsParameters.Builder addAllSignatureAlgorithms(Iterable<String> values)
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Parameters:
      values - The signatureAlgorithms to add.
      Returns:
      This builder for chaining.

    • clearSignatureAlgorithms

      public TlsParameters.Builder clearSignatureAlgorithms()
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Returns:
      This builder for chaining.

    • addSignatureAlgorithmsBytes

      public TlsParameters.Builder addSignatureAlgorithmsBytes(com.google.protobuf.ByteString value)
       If specified, the TLS connection will only support the specified signature algorithms.
 The list is ordered by preference.
 If not specified, the default signature algorithms defined by BoringSSL will be used.

 Default signature algorithms selected by BoringSSL (may be out of date):

 .. code-block:: none

   ecdsa_secp256r1_sha256
   rsa_pss_rsae_sha256
   rsa_pkcs1_sha256
   ecdsa_secp384r1_sha384
   rsa_pss_rsae_sha384
   rsa_pkcs1_sha384
   rsa_pss_rsae_sha512
   rsa_pkcs1_sha512
   rsa_pkcs1_sha1

 Signature algorithms supported by BoringSSL (may be out of date):

 .. code-block:: none

   rsa_pkcs1_sha256
   rsa_pkcs1_sha384
   rsa_pkcs1_sha512
   ecdsa_secp256r1_sha256
   ecdsa_secp384r1_sha384
   ecdsa_secp521r1_sha512
   rsa_pss_rsae_sha256
   rsa_pss_rsae_sha384
   rsa_pss_rsae_sha512
   ed25519
   rsa_pkcs1_sha1
   ecdsa_sha1
      repeated string signature_algorithms = 5;
      Parameters:
      value - The bytes of the signatureAlgorithms to add.
      Returns:
      This builder for chaining.

    • getCompliancePoliciesList

      public List<TlsParameters.CompliancePolicy> getCompliancePoliciesList()
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Specified by:
      getCompliancePoliciesList in interface TlsParametersOrBuilder
      Returns:
      A list containing the compliancePolicies.

    • getCompliancePoliciesCount

      public int getCompliancePoliciesCount()
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Specified by:
      getCompliancePoliciesCount in interface TlsParametersOrBuilder
      Returns:
      The count of compliancePolicies.

    • getCompliancePolicies

      public TlsParameters.CompliancePolicy getCompliancePolicies(int index)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Specified by:
      getCompliancePolicies in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The compliancePolicies at the given index.

    • setCompliancePolicies

      public TlsParameters.Builder setCompliancePolicies(int index, TlsParameters.CompliancePolicy value)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Parameters:
      index - The index to set the value at.
      value - The compliancePolicies to set.
      Returns:
      This builder for chaining.

    • addCompliancePolicies

      public TlsParameters.Builder addCompliancePolicies(TlsParameters.CompliancePolicy value)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Parameters:
      value - The compliancePolicies to add.
      Returns:
      This builder for chaining.

    • addAllCompliancePolicies

      public TlsParameters.Builder addAllCompliancePolicies(Iterable<? extends TlsParameters.CompliancePolicy> values)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Parameters:
      values - The compliancePolicies to add.
      Returns:
      This builder for chaining.

    • clearCompliancePolicies

      public TlsParameters.Builder clearCompliancePolicies()
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Returns:
      This builder for chaining.

    • getCompliancePoliciesValueList

      public List<Integer> getCompliancePoliciesValueList()
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Specified by:
      getCompliancePoliciesValueList in interface TlsParametersOrBuilder
      Returns:
      A list containing the enum numeric values on the wire for compliancePolicies.

    • getCompliancePoliciesValue

      public int getCompliancePoliciesValue(int index)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Specified by:
      getCompliancePoliciesValue in interface TlsParametersOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The enum numeric value on the wire of compliancePolicies at the given index.

    • setCompliancePoliciesValue

      public TlsParameters.Builder setCompliancePoliciesValue(int index, int value)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Parameters:
      index - The index to set the value at.
      value - The enum numeric value on the wire for compliancePolicies to set.
      Returns:
      This builder for chaining.

    • addCompliancePoliciesValue

      public TlsParameters.Builder addCompliancePoliciesValue(int value)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Parameters:
      value - The enum numeric value on the wire for compliancePolicies to add.
      Returns:
      This builder for chaining.

    • addAllCompliancePoliciesValue

      public TlsParameters.Builder addAllCompliancePoliciesValue(Iterable<Integer> values)
       Compliance policies configure various aspects of the TLS based on the given policy.
 The policies are applied last during configuration and may override the other TLS
 parameters, or any previous policy.
      repeated .envoy.extensions.transport_sockets.tls.v3.TlsParameters.CompliancePolicy compliance_policies = 6 [(.validate.rules) = { ... }
      Parameters:
      values - The enum numeric values on the wire for compliancePolicies to add.
      Returns:
      This builder for chaining.

    • setUnknownFields

      public final TlsParameters.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>

    • mergeUnknownFields

      public final TlsParameters.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<TlsParameters.Builder>