com.twitter.finagle.ssl

SnoopingLevelInterpreter

object SnoopingLevelInterpreter

Stack params for configuring TLS snooping

TLS snooping is a server-side feature which allows servers to use both cleartext and TLS socket connections on the same port. This should only be used if it is desirable but not required that traffic be encrypted.

There are two classes of protocols considered: protocols that support TLS negotiation, such as Mux, and those that don't, such as the framed thrift transport. The two classes of protocols have a different truth matrix for determining whether to enable TLS negotiation (see below). For example, a negotiating TLS connection that _requires_ TLS may enable snooping because if the connection starts cleartext the session itself may upgrade to a secure connection later. In contrast, a cleartext HTTP connection has no way to upgrade to a secure connection and thus if TLS is required snooping must be disabled.


Type Members

  1. case class Enabled(predicate: (Level, SslServerConfiguration) => Boolean) extends Interpreter with Product with Serializable

    TLS snooping is enabled based on the predicate function

  2. sealed abstract class Interpreter extends AnyRef
  3. case class Param(interpreter: Interpreter) extends Product with Serializable

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. val EnabledForNegotiatingProtocols: Param

    TLS Snooping configuration for protocols that support negotiation.

    Note: this configuration will allow cleartext connections to proceed even if the OpportunisticTls.Level is Required, and it is the responsibility of the protocol to reject a cleartext session if the configuration is incompatible with security requirements.

    Interprets stack params for protocols that can negotiate TLS (Mux, for example). For these protocols we want to enable TLS either eagerly, or as part of a cleartext negotiation phase. Note that it becomes the session's responsibility to reject cleartext connections that don't negotiate to the required security level.

    Truth matrix (columns: Level; rows: Client Auth):

    Client Auth | Off | Desired | Required
    ------------|-----|---------|---------
    Off         | Off | On      | On
    Wanted      | Off | On      | On
    Needed      | Off | On      | On

  5. val EnabledForNonNegotiatingProtocols: Param

    TLS Snooping configuration for protocols that don't support negotiation.

    Interprets stack params for non-negotiating protocols (HTTP, for example). For non-negotiating protocols there isn't a secondary way of making sure that a cleartext connection later gets upgraded. As such 'Required' doesn't enable snooping as it expresses that encryption is required, and snooping would make it optional.

    Truth matrix (columns: Level; rows: Client Auth):

    Client Auth | Off | Desired | Required
    ------------|-----|---------|---------
    Off         | Off | On      | Off
    Wanted      | Off | On      | Off
    Needed      | Off | Off     | Off

  6. val Off: Param

    TLS snooping configuration that disables TLS snooping.

  7. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  8. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native()
  9. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  10. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  11. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable])
  12. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  13. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  14. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  15. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  16. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  17. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  18. def shouldEnableSnooping(params: Params): Boolean

    Determine whether TLS snooping should be enabled based on the stack params.

  19. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  20. def toString(): String
    Definition Classes
    AnyRef → Any
  21. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  22. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  23. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  24. case object Disabled extends Interpreter with Product with Serializable

    TLS snooping disabled

  25. object Param extends Serializable
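
The two truth matrices documented for EnabledForNegotiatingProtocols and EnabledForNonNegotiatingProtocols, modelled as predicates together with a check that flags snooping left on for a protocol that cannot upgrade a cleartext connection. This is an added example, not Finagle code: `Level`, `ClientAuth`, `Predicate` and `audit` are simplified stand-ins (the real predicate receives an `SslServerConfiguration`, not a bare client-auth value).

```scala
object SnoopingAudit {
  // Stand-ins for OpportunisticTls.Level and the server's client-auth setting.
  sealed trait Level
  case object LevelOff extends Level
  case object Desired extends Level
  case object Required extends Level

  sealed trait ClientAuth
  case object AuthOff extends ClientAuth
  case object Wanted extends ClientAuth
  case object Needed extends ClientAuth

  type Predicate = (Level, ClientAuth) => Boolean

  // Negotiating protocols (Mux): snooping is on whenever the level is not Off.
  val negotiating: Predicate = (level, _) => level != LevelOff

  // Non-negotiating protocols (HTTP): on only for Desired, and not when
  // client authentication is Needed.
  val nonNegotiating: Predicate =
    (level, auth) => level == Desired && auth != Needed

  // Hypothetical audit of one server configuration. A protocol that cannot
  // negotiate must never snoop where the non-negotiating matrix says Off.
  def audit(canNegotiate: Boolean, p: Predicate, level: Level, auth: ClientAuth): String =
    if (!p(level, auth)) "snooping off"
    else if (!canNegotiate && !nonNegotiating(level, auth))
      "MISCONFIGURED: cleartext accepted on a protocol that cannot upgrade"
    else if (level == Required)
      "snooping on: the session must reject cleartext that fails to negotiate TLS"
    else "snooping on: encryption is opportunistic"

  def main(args: Array[String]): Unit = {
    val levels = Seq[Level](LevelOff, Desired, Required)
    val auths = Seq[ClientAuth](AuthOff, Wanted, Needed)
    for (auth <- auths; level <- levels) {
      // An HTTP-like server with the matching predicate...
      val ok = audit(canNegotiate = false, nonNegotiating, level, auth)
      // ...and the same server wrongly given the negotiating predicate.
      val bad = audit(canNegotiate = false, negotiating, level, auth)
      println(s"auth=$auth level=$level | $ok | $bad")
    }
    // A Mux-like server: Required still snoops, so the session enforces TLS.
    println(audit(canNegotiate = true, negotiating, Required, Needed))
  }
}
```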
