object SnoopingLevelInterpreter
Stack params for configuring TLS snooping
TLS snooping is a server-side feature that allows servers to accept both cleartext and TLS socket connections on the same port. It should only be used if it is desirable but not required that traffic be encrypted.
Two classes of protocols are considered: protocols that support TLS negotiation, such as Mux, and those that don't, such as the framed thrift transport. The two classes of protocols have different truth matrices for determining whether to enable TLS negotiation (see below). For example, a negotiating TLS connection that _requires_ TLS may enable snooping because, if the connection starts cleartext, the session itself may upgrade to a secure connection later. In contrast, a cleartext HTTP connection has no way to upgrade to a secure connection, and thus if TLS is required snooping must be disabled.
Type Members
- case class Enabled(predicate: (Level, SslServerConfiguration) => Boolean) extends Interpreter with Product with Serializable
TLS snooping is enabled based on the predicate function
- sealed abstract class Interpreter extends AnyRef
- case class Param(interpreter: Interpreter) extends Product with Serializable
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val EnabledForNegotiatingProtocols: Param
TLS Snooping configuration for protocols that support negotiation.
- Note
that this configuration will allow cleartext connections to proceed even if the OpportunisticTls.Level is Required, and it is the responsibility of the protocol to reject a cleartext session if the configuration is incompatible with security requirements.
Interprets stack params for protocols that can negotiate TLS (Mux, for example). For these protocols we want to enable TLS either eagerly, or as part of a cleartext negotiation phase. Note that it becomes the session's responsibility to reject cleartext connections that don't negotiate to the required security level.
Truth matrix (rows: Client Auth, columns: Level):
Client Auth | Off | Desired | Required
------------|-----|---------|---------
Off         | Off | On      | On
Wanted      | Off | On      | On
Needed      | Off | On      | On
- val EnabledForNonNegotiatingProtocols: Param
TLS Snooping configuration for protocols that don't support negotiation.
Interprets stack params for non-negotiating protocols (HTTP, for example). For non-negotiating protocols there isn't a secondary way of making sure that a cleartext connection later gets upgraded. As such 'Required' doesn't enable snooping as it expresses that encryption is required, and snooping would make it optional.
Truth matrix (rows: Client Auth, columns: Level):
Client Auth | Off | Desired | Required
------------|-----|---------|---------
Off         | Off | On      | Off
Wanted      | Off | On      | Off
Needed      | Off | Off     | Off
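The two truth matrices above, written as predicates in an added example that is not Finagle's own code: `Level`, `ClientAuth`, `Matrix` and `sessionMustEnforce` are stand-alone model names assumed for illustration and do not reference the library's classes. It lists the cells where snooping admits cleartext while the level is Required, which is where the protocol itself has to reject the session.

```scala
// Added model of the two truth matrices; own types, not Finagle's classes.
object SnoopingMatrixModel {
  sealed trait Level
  object Level {
    case object Off extends Level
    case object Desired extends Level
    case object Required extends Level
    val all: Seq[Level] = Seq(Off, Desired, Required)
  }

  sealed trait ClientAuth
  object ClientAuth {
    case object Off extends ClientAuth
    case object Wanted extends ClientAuth
    case object Needed extends ClientAuth
    val all: Seq[ClientAuth] = Seq(Off, Wanted, Needed)
  }

  // true means snooping is On for that (level, client auth) cell
  type Matrix = (Level, ClientAuth) => Boolean

  // Negotiating protocols (Mux): On for Desired and Required,
  // whatever the client-auth setting.
  val negotiating: Matrix = (level, _) => level != Level.Off

  // Non-negotiating protocols (HTTP): On only for Desired,
  // and not when client auth is Needed. Required never snoops.
  val nonNegotiating: Matrix =
    (level, auth) => level == Level.Desired && auth != ClientAuth.Needed

  // Cells where the transport accepts cleartext although Level is Required,
  // so rejecting an un-upgraded session is left to the protocol.
  def sessionMustEnforce(m: Matrix): Seq[(Level, ClientAuth)] =
    for {
      auth <- ClientAuth.all
      level <- Level.all
      if level == Level.Required && m(level, auth)
    } yield (level, auth)

  // One text row per client-auth value, columns in Level.all order
  def render(m: Matrix): String =
    ClientAuth.all.map { auth =>
      val cells = Level.all.map(l => if (m(l, auth)) "On" else "Off")
      auth.toString.padTo(7, ' ') + "| " + cells.mkString(" | ")
    }.mkString("\n")

  def main(args: Array[String]): Unit = {
    println("negotiating:\n" + render(negotiating))
    println("non-negotiating:\n" + render(nonNegotiating))
    println("session must enforce (negotiating): " + sessionMustEnforce(negotiating))
    println("session must enforce (non-negotiating): " + sessionMustEnforce(nonNegotiating))
  }
}
```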
- val Off: Param
TLS snooping configuration that disables TLS snooping.
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable])
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- def shouldEnableSnooping(params: Params): Boolean
Determine whether TLS snooping should be enabled based on the stack params.
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- case object Disabled extends Interpreter with Product with Serializable
TLS snooping disabled
- object Param extends Serializable