TLSOptions

saq.sandwich.proto.api.v1.TLSOptions

Description

TLS options, for both client and server modes.

message TLSOptions {
  // TLS 1.2 configuration.
  //
  // TLS 1.2 will be disabled if this field is not set.
  // See [`TLSv12Config`](TLSv12Config.md).
  TLSv12Config tls12 = 7;

  // TLS 1.3 configuration.
  //
  // TLS 1.3 will be disabled if this field is not set.
  // See [`TLSv13Config`](TLSv13Config.md).
  TLSv13Config tls13 = 8;

  // The verifier configuration to verify the remote peer.
  oneof peer_verifier {
    // Use an X.509 verifier.
    //
    // See [X509Verifier](X509Verifier.md).
    X509Verifier x509_verifier = 3;

    // Use an empty verifier.
    //
    // > **Warning**: when used in a context where a certificate
    // is requested from the remote peer, such as a TLS client or in mTLS,
    // no signature will be verified!
    EmptyVerifier empty_verifier = 4;
  }

  // An identity.
  //
  // In server mode, the identity is used to perform the TLS handshake
  // (the [private key](PrivateKey.md) is used to sign the transcript, and the
  // [certificate](Certificate.md) is presented to clients).
  //
  // See [X509Identity](X509Identity.md).
  X509Identity identity = 5;

  // Application-Layer Protocol Negotiation.
  //
  // This list of strings specifies the different protocols to be negotiated.
  repeated string alpn_protocols = 6;

  // Next id: 9
}

Fields

tls12

TLS 1.2 configuration.

TLS 1.2 will be disabled if this field is not set. See TLSv12Config.

TLSv12Config tls12 = 7;

tls13

TLS 1.3 configuration.

TLS 1.3 will be disabled if this field is not set. See TLSv13Config.

TLSv13Config tls13 = 8;

oneof peer_verifier

The verifier configuration to verify the remote peer.

oneof peer_verifier {
  // Use an X.509 verifier.
  //
  // See [X509Verifier](X509Verifier.md).
  X509Verifier x509_verifier = 3;

  // Use an empty verifier.
  //
  // > **Warning**: when used in a context where a certificate
  // is requested from the remote peer, such as a TLS client or in mTLS,
  // no signature will be verified!
  EmptyVerifier empty_verifier = 4;
}

x509_verifier

Use an X.509 verifier.

See X509Verifier.

X509Verifier x509_verifier = 3;

empty_verifier

Use an empty verifier.

Warning: when used in a context where a certificate is requested from the remote peer, such as a TLS client or in mTLS, no signature will be verified!

EmptyVerifier empty_verifier = 4;

identity

An identity.

In server mode, the identity is used to perform the TLS handshake (the private key is used to sign the transcript, and the certificate is presented to clients).

See X509Identity.

X509Identity identity = 5;

alpn_protocols

Application-Layer Protocol Negotiation.

This list of strings specifies the different protocols to be negotiated.

repeated string alpn_protocols = 6;
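
An added example (not part of the Sandwich documentation or code base): a Python check that audits a TLSOptions configuration, given as a proto3 JSON-style dict, against the behaviours documented above. The `mode` argument, the finding codes and the sample configurations are assumptions of this example; only the field names come from the message definition.

```python
import json

# Field names are those of the TLSOptions message. The proto3 JSON layout,
# the `mode` argument and the finding codes are assumptions of this example.
CAMEL = {"x509Verifier": "x509_verifier", "emptyVerifier": "empty_verifier"}

def audit_tls_options(opts, mode):
    """Return sorted (severity, code) findings for one TLSOptions dict."""
    o = {CAMEL.get(k, k): v for k, v in opts.items() if v is not None}
    out = set()
    # Each protocol version is disabled unless its field is set.
    if "tls12" not in o and "tls13" not in o:
        out.add(("high", "no_tls_version_enabled"))
    elif "tls13" not in o:
        out.add(("info", "tls13_disabled"))
    # peer_verifier is a oneof: at most one member may be set.
    has_x509, has_empty = "x509_verifier" in o, "empty_verifier" in o
    if has_x509 and has_empty:
        out.add(("high", "oneof_peer_verifier_conflict"))
    elif has_empty:
        # Per the warning: a requested peer certificate is not verified.
        if mode == "client":
            out.add(("high", "server_certificate_not_verified"))
        else:
            out.add(("warn", "client_certificates_not_verified_if_mtls"))
    elif not has_x509:
        # The page does not say what an unset verifier does; flag for review.
        out.add(("warn", "peer_verifier_unset"))
    # In server mode the identity signs the transcript and supplies the cert.
    if mode == "server" and "identity" not in o:
        out.add(("high", "server_without_identity"))
    return sorted(out)

# Constructed sample configurations (sub-message contents left empty).
WEAK_CLIENT = json.loads('{"tls12": {}, "emptyVerifier": {}}')
STRICT_SERVER = json.loads(
    '{"tls13": {}, "x509_verifier": {}, "identity": {}, "alpn_protocols": ["h2"]}')

if __name__ == "__main__":
    for name, cfg, mode in [("weak client", WEAK_CLIENT, "client"),
                            ("strict server", STRICT_SERVER, "server")]:
        print(name, audit_tls_options(cfg, mode))
```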