- Tls (common.tls) Configuration
Configuration options
| key | type | default value | description |
|---|---|---|---|
| cipher-suite | string[] | | Enabled cipher suites for TLS communication. By default (or if the list is empty), all available cipher suites are enabled. |
| client-auth | TlsClientAuth (REQUIRED, OPTIONAL, NONE) | NONE | Configure requirement for mutual TLS. Defaults to `TlsClientAuth#NONE`. |
| enabled | boolean | true | Flag indicating whether TLS is enabled. |
| endpoint-identification-algorithm | string | HTTPS | Identification algorithm for SSL endpoints. Set to `NONE` to disable endpoint identification (equivalent to hostname verification). Defaults to `Tls#ENDPOINT_IDENTIFICATION_HTTPS`. |
| internal-keystore-provider | string | | Provider of the key stores used internally to create key and trust manager factories. If not defined, no provider is specified. |
| internal-keystore-type | string | | Type of the key stores used internally to create key and trust manager factories. Defaults to `java.security.KeyStore#getDefaultType()`. |
| key-manager-factory-algorithm | string | | Algorithm of the key manager factory used when a private key is defined. Defaults to `javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm()`. |
| manager | io.helidon.common.tls.TlsManager (service provider interface) | | The TLS manager. If one is not explicitly defined in the config, a default manager will be created. See `ConfiguredTlsManager`. |
| private-key | PrivateKey | | Private key to use. For server-side TLS, this is required. For client-side TLS, this is optional (used when mutual TLS is enabled). |
| protocol | string | TLS | Configure the protocol used to obtain an instance of `javax.net.ssl.SSLContext`. Defaults to `DEFAULT_PROTOCOL`. |
| protocols | string[] | | Enabled protocols for TLS communication. Example of valid values for @return protocols to enable, by default (or if list is empty), all available protocols are enabled |
| provider | string | | Use an explicit provider to obtain an instance of `javax.net.ssl.SSLContext`. Defaults to none (only `#protocol()` is used by default). |
| revocation | | | Certificate revocation check configuration. |
| secure-random-algorithm | string | | Algorithm to use when creating a new secure random. By default, the `java.security.SecureRandom` constructor is used. |
| secure-random-provider | string | | Provider to use when creating a new secure random. When defined, `#secureRandomAlgorithm()` must be defined as well. By default, no provider is specified. |
| session-cache-size | int | 1024 | SSL session cache size. Defaults to 1024. |
| session-timeout | Duration | PT30M | SSL session timeout. Defaults to 30 minutes. |
| trust | X509Certificate[] | | List of certificates that form the trust manager. |
| trust-all | boolean | false | Trust any certificate provided by the other side of communication. **This is a dangerous setting:** if set to `true`, any certificate will be accepted, throwing away most of the security advantages of TLS. **NEVER** do this in production. |
| trust-manager-factory-algorithm | string | | Trust manager factory algorithm. |
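
As an added example (not part of the Helidon documentation or code base), the following Python check audits an already-parsed `tls` configuration node against the options and defaults listed in the table above. The names `audit_tls` and `require_mtls`, the legacy-protocol policy, and the sample nodes are assumptions made for illustration.

```python
# Added example: audit a parsed Helidon `tls` config node (a dict) using only
# the keys and defaults documented in the table above.

# JSSE protocol names older than TLS 1.2 (assumption: local policy forbids them).
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_tls(cfg, require_mtls=False):
    """Return a list of (key, finding) tuples for risky settings in cfg."""

    def flag(key, default):
        # Values loaded from properties files arrive as strings, so normalise.
        return str(cfg.get(key, default)).strip().lower() == "true"

    if not flag("enabled", True):
        return [("enabled", "TLS is switched off")]  # nothing else applies

    findings = []
    if flag("trust-all", False):
        findings.append(("trust-all", "any peer certificate is accepted"))

    if str(cfg.get("endpoint-identification-algorithm", "HTTPS")) == "NONE":
        findings.append(("endpoint-identification-algorithm",
                         "hostname verification is disabled"))

    protocols = cfg.get("protocols") or []
    if not protocols:
        findings.append(("protocols", "empty list enables all available protocols"))
    legacy = sorted(set(protocols) & LEGACY_PROTOCOLS)
    if legacy:
        findings.append(("protocols", "legacy protocols enabled: " + ", ".join(legacy)))

    if not (cfg.get("cipher-suite") or []):
        findings.append(("cipher-suite", "empty list enables all available cipher suites"))

    client_auth = str(cfg.get("client-auth", "NONE")).upper()
    if require_mtls and client_auth != "REQUIRED":
        findings.append(("client-auth", f"mutual TLS expected but client-auth is {client_auth}"))
    return findings


# Constructed sample nodes (not taken from the Helidon docs).
WEAK = {"trust-all": "true", "endpoint-identification-algorithm": "NONE",
        "protocols": ["TLSv1", "TLSv1.2"]}
HARDENED = {"client-auth": "REQUIRED", "protocols": ["TLSv1.3"],
            "cipher-suite": ["TLS_AES_256_GCM_SHA384"]}

if __name__ == "__main__":
    for name, node in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_tls(node, require_mtls=True))
```

A check like this fits a CI step that fails the build when a non-empty findings list is returned for a production profile.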