Skip to content

TLSv12Config

saq.sandwich.proto.api.v1.TLSv12Config

Description

A configuration to constrain ciphersuite for TLS version 1.2.

message TLSv12Config {
  // Sets TLS 1.2 ciphersuite.
  //
  // Ciphersuites must follow IANA names.
  //
  // If ciphersuite is **not** set, the default ciphersuites listed here are
  // used in preference order: | Default 256 bits security ciphersuites        |
  // |-----------------------------------------------|
  // | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       |
  // | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
  // | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         |
  // | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   |
  // | TLS_RSA_WITH_AES_256_GCM_SHA384               |
  //
  // | Default 128 bits security ciphersuites        |
  // |-----------------------------------------------|
  // | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       |
  // | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         |
  // | TLS_RSA_WITH_AES_128_GCM_SHA256               |
  repeated string ciphersuite = 1;

  // Next id: 2
}

Fields

ciphersuite

Sets TLS 1.2 ciphersuite.

Ciphersuites must follow IANA names.

If ciphersuite is not set, the default ciphersuites listed here are used in preference order: | Default 256 bits security ciphersuites | |-----------------------------------------------| | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | | TLS_RSA_WITH_AES_256_GCM_SHA384 |

Default 128 bits security ciphersuites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256 
repeated string ciphersuite = 1;