Connections where the certificate fails verification will be permitted.

Perform default certificate verification (e.g., against CA / verification lists).

OCSP responses are optional.

OCSP responses are required.

OCSP responses are optional.

Envoy will choose the optimal TLS version.

TLS 1.0.

TLS 1.1.

TLS 1.2.

TLS 1.3.

Enum value maps for CertificateValidationContext_TrustChainVerification.

Enum value maps for CertificateValidationContext_TrustChainVerification.

Enum value maps for DownstreamTlsContext_OcspStaplePolicy.

Enum value maps for DownstreamTlsContext_OcspStaplePolicy.

Enum value maps for TlsParameters_TlsProtocol.

Enum value maps for TlsParameters_TlsProtocol.

Indicates a certificate to be obtained from a named CertificateProvider plugin instance.

CertificateProviderPluginInstanceValidationError is the validation error returned by CertificateProviderPluginInstance.Validate if the designated constraints aren't met.

[#next-free-field: 14].

CertificateValidationContextValidationError is the validation error returned by CertificateValidationContext.Validate if the designated constraints aren't met.

TLS context shared by both client and server TLS contexts.

Config for Certificate provider to get certificates.

Similar to CertificateProvider above, but allows the provider instances to be configured on the client side instead of being sent from the control plane.

CommonTlsContext_CertificateProviderInstanceValidationError is the validation error returned by CommonTlsContext_CertificateProviderInstance.Validate if the designated constraints aren't met.

CommonTlsContext_CertificateProviderValidationError is the validation error returned by CommonTlsContext_CertificateProvider.Validate if the designated constraints aren't met.

CommonTlsContext_CombinedCertificateValidationContextValidationError is the validation error returned by CommonTlsContext_CombinedCertificateValidationContext.Validate if the designated constraints aren't met.

CommonTlsContextValidationError is the validation error returned by CommonTlsContext.Validate if the designated constraints aren't met.

[#next-free-field: 9].

DownstreamTlsContextValidationError is the validation error returned by DownstreamTlsContext.Validate if the designated constraints aren't met.

GenericSecretValidationError is the validation error returned by GenericSecret.Validate if the designated constraints aren't met.

BoringSSL private key method configuration.

PrivateKeyProviderValidationError is the validation error returned by PrivateKeyProvider.Validate if the designated constraints aren't met.

SdsSecretConfigValidationError is the validation error returned by SdsSecretConfig.Validate if the designated constraints aren't met.

[#next-free-field: 6].

SecretValidationError is the validation error returned by Secret.Validate if the designated constraints aren't met.

Configuration specific to the `SPIFFE <https://github.com/spiffe/spiffe>`_ certificate validator.

SPIFFECertValidatorConfig_TrustDomainValidationError is the validation error returned by SPIFFECertValidatorConfig_TrustDomain.Validate if the designated constraints aren't met.

SPIFFECertValidatorConfigValidationError is the validation error returned by SPIFFECertValidatorConfig.Validate if the designated constraints aren't met.

[#next-free-field: 8].

TlsCertificateValidationError is the validation error returned by TlsCertificate.Validate if the designated constraints aren't met.

TlsParametersValidationError is the validation error returned by TlsParameters.Validate if the designated constraints aren't met.

TlsSessionTicketKeysValidationError is the validation error returned by TlsSessionTicketKeys.Validate if the designated constraints aren't met.

UpstreamTlsContextValidationError is the validation error returned by UpstreamTlsContext.Validate if the designated constraints aren't met.

Peer certificate verification mode.