.. _envoy_v3_api_file_envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto: Client TLS authentication ========================= .. _extension_envoy.filters.network.client_ssl_auth: This extension may be referenced by the qualified name *envoy.filters.network.client_ssl_auth* .. note:: This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted. Client TLS authentication :ref:`configuration overview `. .. _envoy_v3_api_msg_extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth: extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth ----------------------------------------------------------- `[extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth proto] `_ .. code-block:: json { "auth_api_cluster": "...", "stat_prefix": "...", "refresh_delay": "{...}", "ip_white_list": [] } .. _envoy_v3_api_field_extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth.auth_api_cluster: auth_api_cluster (`string `_, *REQUIRED*) The :ref:`cluster manager ` cluster that runs the authentication service. The filter will connect to the service every 60s to fetch the list of principals. The service must support the expected :ref:`REST API `. .. _envoy_v3_api_field_extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth.stat_prefix: stat_prefix (`string `_, *REQUIRED*) The prefix to use when emitting :ref:`statistics `. .. _envoy_v3_api_field_extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth.refresh_delay: refresh_delay (`Duration `_) Time in milliseconds between principal refreshes from the authentication service. Default is 60000 (60s). The actual fetch time will be this value plus a random jittered value between 0-refresh_delay_ms milliseconds. .. _envoy_v3_api_field_extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth.ip_white_list: ip_white_list (:ref:`config.core.v3.CidrRange `) An optional list of IP address and subnet masks that should be white listed for access by the filter. If no list is provided, there is no IP allowlist.