Tls (common.tls) Configuration

Type: io.helidon.common.tls.Tls

Configuration options

Optional configuration options
keytypedefault valuedescription
cipher-suite

string[]

 

Enabled cipher suites for TLS communication.

client-auth

TlsClientAuth (REQUIRED, OPTIONAL, NONE)

TlsClientAuth.NONE

Configure requirement for mutual TLS.

Allowed values:

  • REQUIRED: Mutual TLS is required. Server MUST present a certificate trusted by the client, client MUST present a certificate trusted by the server. This implies private key and trust configuration for both server and client.

  • OPTIONAL: Mutual TLS is optional. Server MUST present a certificate trusted by the client, client MAY present a certificate trusted by the server. This implies private key configuration at least for server, trust configuration for at least client.

  • NONE: Mutual TLS is disabled. Server MUST present a certificate trusted by the client, client does not present a certificate. This implies private key configuration for server, trust configuration for client.

enabled

boolean

true

Flag indicating whether Tls is enabled.

endpoint-identification-algorithm

string

HTTPS

Identification algorithm for SSL endpoints.

internal-keystore-provider

string

 

Provider of the key stores used internally to create a key and trust manager factories.

internal-keystore-type

string

 

Type of the key stores used internally to create a key and trust manager factories.

key-manager-factory-algorithm

string

 

Algorithm of the key manager factory used when private key is defined. Defaults to javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm().

manager

io.helidon.common.tls.TlsManager (service provider interface)

 

The Tls manager. If one is not explicitly defined in the config then a default manager will be created.

See ConfiguredTlsManager

private-key

PrivateKey

 

Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).

protocol

string

TLS

Configure the protocol used to obtain an instance of javax.net.ssl.SSLContext.

protocols

string[]

 

Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2

provider

string

 

Use explicit provider to obtain an instance of javax.net.ssl.SSLContext.

revocation

RevocationConfig

 

Certificate revocation check configuration.

secure-random-algorithm

string

 

Algorithm to use when creating a new secure random.

secure-random-provider

string

 

Provider to use when creating a new secure random. When defined, secureRandomAlgorithm() must be defined as well.

session-cache-size

int

20480

SSL session cache size.

session-timeout

Duration

PT24H

SSL session timeout.

trust

X509Certificate[]

 

List of certificates that form the trust manager.

trust-all

boolean

false

Trust any certificate provided by the other side of communication.

This is a dangerous setting: if set to true, any certificate will be accepted, throwing away most of the security advantages of TLS. NEVER do this in production.

trust-manager-factory-algorithm

string

 

Trust manager factory algorithm.