TLS Inspector Filter

This documentation is for the Envoy v3 API.

As of Envoy v1.18 the v2 API has been removed and is no longer supported.

If you are upgrading from v2 API config you may wish to view the v2 API documentation:

This extension may be referenced by the qualified name envoy.filters.listener.tls_inspector


This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.


This extension extends and can be used with the following extension category:

Allows detecting whether the transport appears to be TLS or plaintext.


[extensions.filters.listener.tls_inspector.v3.TlsInspector proto]

  "enable_ja3_fingerprinting": "{...}"

(BoolValue) Populate JA3 fingerprint hash using data from the TLS Client Hello packet. Default is false.