TLS Inspector Filter (proto)

This extension has the qualified name envoy.filters.listener.tls_inspector

Note

This extension is intended to be robust against both untrusted downstream and upstream traffic.

Tip

This extension extends and can be used with the following extension category:

• envoy.filters.listener

This extension must be configured with one of the following type URLs:

• type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector

Allows detecting whether the transport appears to be TLS or plaintext.

extensions.filters.listener.tls_inspector.v3.TlsInspector

[extensions.filters.listener.tls_inspector.v3.TlsInspector proto]

{
  "enable_ja3_fingerprinting": {...},
  "initial_read_buffer_size": {...}
}

enable_ja3_fingerprinting

(BoolValue) Populate JA3 fingerprint hash using data from the TLS Client Hello packet. Default is false.

initial_read_buffer_size

(UInt32Value) The size in bytes of the initial buffer requested by the tls_inspector. If the filter needs to read additional bytes from the socket, the filter will double the buffer up to it’s default maximum of 64KiB. If this size is not defined, defaults to maximum 64KiB that the tls inspector will consume.