StartTls

This extension may be referenced by the qualified name envoy.transport_sockets.starttls

Note

This extension is intended to be robust against both untrusted downstream and upstream traffic.

StartTls transport socket addresses situations when a protocol starts in clear-text and negotiates an in-band switch to TLS. StartTls transport socket is protocol agnostic and requires a network filter which understands protocol exchange and a state machine to signal to the StartTls transport socket when a switch to TLS is required.

extensions.transport_sockets.starttls.v3.StartTlsConfig

[extensions.transport_sockets.starttls.v3.StartTlsConfig proto]

Configuration for StartTls transport socket. StartTls transport socket wraps two sockets: - raw_buffer socket which is used at the beginning of the session - TLS socket used when a protocol negotiates a switch to encrypted traffic.

{
  "cleartext_socket_config": "{...}",
  "tls_socket_config": "{...}"
}

cleartext_socket_config

(extensions.transport_sockets.raw_buffer.v3.RawBuffer) (optional) Configuration for clear-text socket used at the beginning of the session.

tls_socket_config

(extensions.transport_sockets.tls.v3.DownstreamTlsContext, REQUIRED) Configuration for TLS socket.