Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class UpstreamTlsContext.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderT>
com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>
io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, UpstreamTlsContextOrBuilder, Cloneable
Enclosing class:
UpstreamTlsContext
public static final class UpstreamTlsContext.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder> implements UpstreamTlsContextOrBuilder
 [#next-free-field: 8]
Protobuf type envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • clear

      public UpstreamTlsContext.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • getDefaultInstanceForType

      public UpstreamTlsContext getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public UpstreamTlsContext build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public UpstreamTlsContext buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public UpstreamTlsContext.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • setField

      public UpstreamTlsContext.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • clearField

      public UpstreamTlsContext.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • clearOneof

      public UpstreamTlsContext.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • setRepeatedField

      public UpstreamTlsContext.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • addRepeatedField

      public UpstreamTlsContext.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • mergeFrom

      public UpstreamTlsContext.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<UpstreamTlsContext.Builder>

    • mergeFrom

      public UpstreamTlsContext.Builder mergeFrom(UpstreamTlsContext other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • mergeFrom

      public UpstreamTlsContext.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<UpstreamTlsContext.Builder>
      Throws:
      IOException

    • hasCommonTlsContext

      public boolean hasCommonTlsContext()
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      hasCommonTlsContext in interface UpstreamTlsContextOrBuilder
      Returns:
      Whether the commonTlsContext field is set.

    • getCommonTlsContext

      public CommonTlsContext getCommonTlsContext()
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContext in interface UpstreamTlsContextOrBuilder
      Returns:
      The commonTlsContext.

    • setCommonTlsContext

      public UpstreamTlsContext.Builder setCommonTlsContext(CommonTlsContext value)
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • setCommonTlsContext

      public UpstreamTlsContext.Builder setCommonTlsContext(CommonTlsContext.Builder builderForValue)
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • mergeCommonTlsContext

      public UpstreamTlsContext.Builder mergeCommonTlsContext(CommonTlsContext value)
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • clearCommonTlsContext

      public UpstreamTlsContext.Builder clearCommonTlsContext()
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • getCommonTlsContextBuilder

      public CommonTlsContext.Builder getCommonTlsContextBuilder()
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • getCommonTlsContextOrBuilder

      public CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
       Common TLS context settings.

 .. attention::

   Server certificate verification is not enabled by default. To enable verification, configure
   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContextOrBuilder in interface UpstreamTlsContextOrBuilder

    • getSni

      public String getSni()
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Specified by:
      getSni in interface UpstreamTlsContextOrBuilder
      Returns:
      The sni.

    • getSniBytes

      public com.google.protobuf.ByteString getSniBytes()
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Specified by:
      getSniBytes in interface UpstreamTlsContextOrBuilder
      Returns:
      The bytes for sni.

    • setSni

      public UpstreamTlsContext.Builder setSni(String value)
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Parameters:
      value - The sni to set.
      Returns:
      This builder for chaining.

    • clearSni

      public UpstreamTlsContext.Builder clearSni()
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Returns:
      This builder for chaining.

    • setSniBytes

      public UpstreamTlsContext.Builder setSniBytes(com.google.protobuf.ByteString value)
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Parameters:
      value - The bytes for sni to set.
      Returns:
      This builder for chaining.

    • getAutoHostSni

      public boolean getAutoHostSni()
       If true, replaces the SNI for the connection with the hostname of the upstream host, if
 the hostname is known due to either a DNS cluster type or the
 :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>` is set on
 the host.

 See :ref:`SNI configuration <start_quick_start_securing_sni_client>` for details on how this
 interacts with other validation options.
      bool auto_host_sni = 6;
      Specified by:
      getAutoHostSni in interface UpstreamTlsContextOrBuilder
      Returns:
      The autoHostSni.

    • setAutoHostSni

      public UpstreamTlsContext.Builder setAutoHostSni(boolean value)
       If true, replaces the SNI for the connection with the hostname of the upstream host, if
 the hostname is known due to either a DNS cluster type or the
 :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>` is set on
 the host.

 See :ref:`SNI configuration <start_quick_start_securing_sni_client>` for details on how this
 interacts with other validation options.
      bool auto_host_sni = 6;
      Parameters:
      value - The autoHostSni to set.
      Returns:
      This builder for chaining.

    • clearAutoHostSni

      public UpstreamTlsContext.Builder clearAutoHostSni()
       If true, replaces the SNI for the connection with the hostname of the upstream host, if
 the hostname is known due to either a DNS cluster type or the
 :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>` is set on
 the host.

 See :ref:`SNI configuration <start_quick_start_securing_sni_client>` for details on how this
 interacts with other validation options.
      bool auto_host_sni = 6;
      Returns:
      This builder for chaining.

    • getAutoSniSanValidation

      public boolean getAutoSniSanValidation()
       If true, replaces any Subject Alternative Name (SAN) validations with a validation for a DNS SAN matching
 the SNI value sent. The validation uses the actual requested SNI, regardless of how the SNI is configured.

 For common cases where an SNI value is present and the server certificate should include a corresponding SAN,
 this option ensures the SAN is properly validated.

 See the :ref:`validation configuration <start_quick_start_securing_validation>` for how this interacts with
 other validation options.
      bool auto_sni_san_validation = 7;
      Specified by:
      getAutoSniSanValidation in interface UpstreamTlsContextOrBuilder
      Returns:
      The autoSniSanValidation.

    • setAutoSniSanValidation

      public UpstreamTlsContext.Builder setAutoSniSanValidation(boolean value)
       If true, replaces any Subject Alternative Name (SAN) validations with a validation for a DNS SAN matching
 the SNI value sent. The validation uses the actual requested SNI, regardless of how the SNI is configured.

 For common cases where an SNI value is present and the server certificate should include a corresponding SAN,
 this option ensures the SAN is properly validated.

 See the :ref:`validation configuration <start_quick_start_securing_validation>` for how this interacts with
 other validation options.
      bool auto_sni_san_validation = 7;
      Parameters:
      value - The autoSniSanValidation to set.
      Returns:
      This builder for chaining.

    • clearAutoSniSanValidation

      public UpstreamTlsContext.Builder clearAutoSniSanValidation()
       If true, replaces any Subject Alternative Name (SAN) validations with a validation for a DNS SAN matching
 the SNI value sent. The validation uses the actual requested SNI, regardless of how the SNI is configured.

 For common cases where an SNI value is present and the server certificate should include a corresponding SAN,
 this option ensures the SAN is properly validated.

 See the :ref:`validation configuration <start_quick_start_securing_validation>` for how this interacts with
 other validation options.
      bool auto_sni_san_validation = 7;
      Returns:
      This builder for chaining.

    • getAllowRenegotiation

      public boolean getAllowRenegotiation()
       If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
      bool allow_renegotiation = 3;
      Specified by:
      getAllowRenegotiation in interface UpstreamTlsContextOrBuilder
      Returns:
      The allowRenegotiation.

    • setAllowRenegotiation

      public UpstreamTlsContext.Builder setAllowRenegotiation(boolean value)
       If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
      bool allow_renegotiation = 3;
      Parameters:
      value - The allowRenegotiation to set.
      Returns:
      This builder for chaining.

    • clearAllowRenegotiation

      public UpstreamTlsContext.Builder clearAllowRenegotiation()
       If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
      bool allow_renegotiation = 3;
      Returns:
      This builder for chaining.

    • hasMaxSessionKeys

      public boolean hasMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;
      Specified by:
      hasMaxSessionKeys in interface UpstreamTlsContextOrBuilder
      Returns:
      Whether the maxSessionKeys field is set.

    • getMaxSessionKeys

      public com.google.protobuf.UInt32Value getMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;
      Specified by:
      getMaxSessionKeys in interface UpstreamTlsContextOrBuilder
      Returns:
      The maxSessionKeys.

    • setMaxSessionKeys

      public UpstreamTlsContext.Builder setMaxSessionKeys(com.google.protobuf.UInt32Value value)
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • setMaxSessionKeys

      public UpstreamTlsContext.Builder setMaxSessionKeys(com.google.protobuf.UInt32Value.Builder builderForValue)
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • mergeMaxSessionKeys

      public UpstreamTlsContext.Builder mergeMaxSessionKeys(com.google.protobuf.UInt32Value value)
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • clearMaxSessionKeys

      public UpstreamTlsContext.Builder clearMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • getMaxSessionKeysBuilder

      public com.google.protobuf.UInt32Value.Builder getMaxSessionKeysBuilder()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • getMaxSessionKeysOrBuilder

      public com.google.protobuf.UInt32ValueOrBuilder getMaxSessionKeysOrBuilder()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to be stored for session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;
      Specified by:
      getMaxSessionKeysOrBuilder in interface UpstreamTlsContextOrBuilder

    • hasEnforceRsaKeyUsage

      public boolean hasEnforceRsaKeyUsage()
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Specified by:
      hasEnforceRsaKeyUsage in interface UpstreamTlsContextOrBuilder
      Returns:
      Whether the enforceRsaKeyUsage field is set.

    • getEnforceRsaKeyUsage

      public com.google.protobuf.BoolValue getEnforceRsaKeyUsage()
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Specified by:
      getEnforceRsaKeyUsage in interface UpstreamTlsContextOrBuilder
      Returns:
      The enforceRsaKeyUsage.

    • setEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder setEnforceRsaKeyUsage(com.google.protobuf.BoolValue value)
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • setEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder setEnforceRsaKeyUsage(com.google.protobuf.BoolValue.Builder builderForValue)
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • mergeEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder mergeEnforceRsaKeyUsage(com.google.protobuf.BoolValue value)
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • clearEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder clearEnforceRsaKeyUsage()
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • getEnforceRsaKeyUsageBuilder

      public com.google.protobuf.BoolValue.Builder getEnforceRsaKeyUsageBuilder()
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • getEnforceRsaKeyUsageOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getEnforceRsaKeyUsageOrBuilder()
       Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
 the ``keyUsage`` is incompatible with TLS usage.

 .. note::
   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.

 The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
 for configurations that would fail if this option were enabled.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Specified by:
      getEnforceRsaKeyUsageOrBuilder in interface UpstreamTlsContextOrBuilder

    • setUnknownFields

      public final UpstreamTlsContext.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>

    • mergeUnknownFields

      public final UpstreamTlsContext.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<UpstreamTlsContext.Builder>