Tetrate Service Bridge, Version: 1.6.x

Transport layer security config

Transport layer security config specifies configuration of a TLS client.

ClientTransportSecurity

ClientTransportSecurity specifies transport layer security configuration.

Field | Description | Validation Rule

tls

tetrateio.api.onboarding.config.types.config.v1alpha1.TlsClient oneof kind
TLS client configuration.

none

tetrateio.api.onboarding.config.types.config.v1alpha1.PlainTextClient oneof kind
Plain-text client configuration.

TlsClient

TlsClient specifies configuration of a TLS client.

Field | Description | Validation Rule

sni

string
SNI string to present to the server during the TLS handshake instead of the default value (host address).

Defaults to empty string, in which case the default SNI value (host address) will be used.

This setting is meant for use in non-production scenarios, such as:

  1. when the server is not reachable by a DNS name (e.g., because the user has no means to create a DNS record)

  2. when the server is only reachable by a DNS name different from the name the TLS certificate was issued for

When set to a non-empty string, the TLS client will validate the certificate presented by the server against the SNI value rather than the host address.

TODO(yaro): add [(validate.rules).string = { address: true, ignore_empty: true } ] once the protoc-gen-validate tool is updated to 0.5.0+, which supports the ignore_empty option.

insecureSkipVerify

bool
When set to true, the TLS client will not verify the validity of the server certificate (⚠️).

Defaults to false.

⚠️ WARNING: This setting makes TLS connections insecure because the client does not validate the identity of the server and might end up sending security-sensitive information to an attacker (man-in-the-middle).

⚠️ NEVER use this setting in production scenarios!

This setting is meant for use in non-production scenarios, such as:

  1. getting started guides

  2. disposable test and demo environments

  3. local development environments
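
The effect of sni and insecureSkipVerify on certificate validation, as an added example that is not part of the original page and is not Tetrate Service Bridge code. It models the check with Go's standard crypto/x509 package; the helpers selfSigned and checkServer, the host 10.0.0.5 and the name onboarding.example.internal are hypothetical, constructed values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a constructed, throwaway certificate valid only for dnsName.
func selfSigned(dnsName string) *x509.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: dnsName},
		DNSNames:  []string{dnsName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// checkServer (hypothetical) models the two fields: sni replaces host as the validated name.
func checkServer(presented, trusted *x509.Certificate, host, sni string, skipVerify bool) error {
	if skipVerify {
		return nil // insecureSkipVerify: nothing is checked, any certificate is accepted
	}
	if sni == "" {
		sni = host // default SNI value is the host address
	}
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := presented.Verify(x509.VerifyOptions{DNSName: sni, Roots: roots})
	return err
}

func main() {
	srv := selfSigned("onboarding.example.internal")
	fmt.Println(checkServer(srv, srv, "10.0.0.5", "", false))
	fmt.Println(checkServer(srv, srv, "10.0.0.5", "onboarding.example.internal", false))
}
```

Setting sni changes only which name is validated and keeps the trust check in place, whereas insecureSkipVerify removes both checks.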