.. _envoy_v3_api_file_envoy/extensions/transport_sockets/starttls/v3/starttls.proto: StartTls ======== .. _extension_envoy.transport_sockets.starttls: This extension may be referenced by the qualified name *envoy.transport_sockets.starttls* .. note:: This extension is intended to be robust against both untrusted downstream and upstream traffic. StartTls transport socket addresses situations when a protocol starts in clear-text and negotiates an in-band switch to TLS. StartTls transport socket is protocol agnostic and requires a network filter which understands protocol exchange and a state machine to signal to the StartTls transport socket when a switch to TLS is required. .. _envoy_v3_api_msg_extensions.transport_sockets.starttls.v3.StartTlsConfig: extensions.transport_sockets.starttls.v3.StartTlsConfig ------------------------------------------------------- `[extensions.transport_sockets.starttls.v3.StartTlsConfig proto] `_ Configuration for StartTls transport socket. StartTls transport socket wraps two sockets: - raw_buffer socket which is used at the beginning of the session - TLS socket used when a protocol negotiates a switch to encrypted traffic. .. code-block:: json { "cleartext_socket_config": "{...}", "tls_socket_config": "{...}" } .. _envoy_v3_api_field_extensions.transport_sockets.starttls.v3.StartTlsConfig.cleartext_socket_config: cleartext_socket_config (:ref:`extensions.transport_sockets.raw_buffer.v3.RawBuffer `) (optional) Configuration for clear-text socket used at the beginning of the session. .. _envoy_v3_api_field_extensions.transport_sockets.starttls.v3.StartTlsConfig.tls_socket_config: tls_socket_config (:ref:`extensions.transport_sockets.tls.v3.DownstreamTlsContext `, *REQUIRED*) Configuration for TLS socket.