Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Interface TlsParametersOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    TlsParameters, TlsParameters.Builder
    public interface TlsParametersOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      String getCipherSuites​(int index)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      com.google.protobuf.ByteString getCipherSuitesBytes​(int index)
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      int getCipherSuitesCount()
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      List<String> getCipherSuitesList()
      If specified, the TLS listener will only support the specified `cipher list <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
      String getEcdhCurves​(int index)
      If specified, the TLS connection will only support the specified ECDH curves.
      com.google.protobuf.ByteString getEcdhCurvesBytes​(int index)
      If specified, the TLS connection will only support the specified ECDH curves.
      int getEcdhCurvesCount()
      If specified, the TLS connection will only support the specified ECDH curves.
      List<String> getEcdhCurvesList()
      If specified, the TLS connection will only support the specified ECDH curves.
      TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
      Maximum TLS protocol version.
      int getTlsMaximumProtocolVersionValue()
      Maximum TLS protocol version.
      TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
      Minimum TLS protocol version.
      int getTlsMinimumProtocolVersionValue()
      Minimum TLS protocol version.

      • Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

        isInitialized

      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

    • Method Detail

      • getTlsMinimumProtocolVersionValue

        int getTlsMinimumProtocolVersionValue()
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Returns:
        The enum numeric value on the wire for tlsMinimumProtocolVersion.

      • getTlsMinimumProtocolVersion

        TlsParameters.TlsProtocol getTlsMinimumProtocolVersion()
         Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_minimum_protocol_version = 1 [(.validate.rules) = { ... }
        Returns:
        The tlsMinimumProtocolVersion.

      • getTlsMaximumProtocolVersionValue

        int getTlsMaximumProtocolVersionValue()
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Returns:
        The enum numeric value on the wire for tlsMaximumProtocolVersion.

      • getTlsMaximumProtocolVersion

        TlsParameters.TlsProtocol getTlsMaximumProtocolVersion()
         Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
 servers.
        .envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol tls_maximum_protocol_version = 2 [(.validate.rules) = { ... }
        Returns:
        The tlsMaximumProtocolVersion.

      • getCipherSuitesList

        List<String> getCipherSuitesList()
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.
 In non-FIPS builds, the default server cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In non-FIPS builds, the default client cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Returns:
        A list containing the cipherSuites.

      • getCipherSuitesCount

        int getCipherSuitesCount()
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.
 In non-FIPS builds, the default server cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In non-FIPS builds, the default client cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Returns:
        The count of cipherSuites.

      • getCipherSuites

        String getCipherSuites​(int index)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.
 In non-FIPS builds, the default server cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In non-FIPS builds, the default client cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Parameters:
        index - The index of the element to return.
        Returns:
        The cipherSuites at the given index.

      • getCipherSuitesBytes

        com.google.protobuf.ByteString getCipherSuitesBytes​(int index)
         If specified, the TLS listener will only support the specified `cipher list
 <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
 when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).
 If not specified, a default list will be used. Defaults are different for server (downstream) and
 client (upstream) TLS configurations.
 Defaults will change over time in response to security considerations; If you care, configure
 it instead of using the default.
 In non-FIPS builds, the default server cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In non-FIPS builds, the default client cipher list is:
 .. code-block:: none
   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is:
 .. code-block:: none
   ECDHE-ECDSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-ECDSA-AES256-GCM-SHA384
   ECDHE-RSA-AES256-GCM-SHA384
        repeated string cipher_suites = 3;
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the cipherSuites at the given index.

      • getEcdhCurvesList

        List<String> getEcdhCurvesList()
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.
 In non-FIPS builds, the default curves are:
 .. code-block:: none
   X25519
   P-256
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
 .. code-block:: none
   P-256
        repeated string ecdh_curves = 4;
        Returns:
        A list containing the ecdhCurves.

      • getEcdhCurvesCount

        int getEcdhCurvesCount()
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.
 In non-FIPS builds, the default curves are:
 .. code-block:: none
   X25519
   P-256
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
 .. code-block:: none
   P-256
        repeated string ecdh_curves = 4;
        Returns:
        The count of ecdhCurves.

      • getEcdhCurves

        String getEcdhCurves​(int index)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.
 In non-FIPS builds, the default curves are:
 .. code-block:: none
   X25519
   P-256
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
 .. code-block:: none
   P-256
        repeated string ecdh_curves = 4;
        Parameters:
        index - The index of the element to return.
        Returns:
        The ecdhCurves at the given index.

      • getEcdhCurvesBytes

        com.google.protobuf.ByteString getEcdhCurvesBytes​(int index)
         If specified, the TLS connection will only support the specified ECDH
 curves. If not specified, the default curves will be used.
 In non-FIPS builds, the default curves are:
 .. code-block:: none
   X25519
   P-256
 In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
 .. code-block:: none
   P-256
        repeated string ecdh_curves = 4;
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the ecdhCurves at the given index.