.. _envoy_api_file_envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto: Client TLS authentication ========================= Client TLS authentication :ref:`configuration overview `. .. _envoy_api_msg_config.filter.network.client_ssl_auth.v2.ClientSSLAuth: config.filter.network.client_ssl_auth.v2.ClientSSLAuth ------------------------------------------------------ `[config.filter.network.client_ssl_auth.v2.ClientSSLAuth proto] `_ .. code-block:: json { "auth_api_cluster": "...", "stat_prefix": "...", "refresh_delay": "{...}", "ip_white_list": [] } .. _envoy_api_field_config.filter.network.client_ssl_auth.v2.ClientSSLAuth.auth_api_cluster: auth_api_cluster (`string `_, *REQUIRED*) The :ref:`cluster manager ` cluster that runs the authentication service. The filter will connect to the service every 60s to fetch the list of principals. The service must support the expected :ref:`REST API `. .. _envoy_api_field_config.filter.network.client_ssl_auth.v2.ClientSSLAuth.stat_prefix: stat_prefix (`string `_, *REQUIRED*) The prefix to use when emitting :ref:`statistics `. .. _envoy_api_field_config.filter.network.client_ssl_auth.v2.ClientSSLAuth.refresh_delay: refresh_delay (`Duration `_) Time in milliseconds between principal refreshes from the authentication service. Default is 60000 (60s). The actual fetch time will be this value plus a random jittered value between 0-refresh_delay_ms milliseconds. .. _envoy_api_field_config.filter.network.client_ssl_auth.v2.ClientSSLAuth.ip_white_list: ip_white_list (:ref:`core.CidrRange `) An optional list of IP address and subnet masks that should be white listed for access by the filter. If no list is provided, there is no IP white list.