Reference documentation and code samples for the Network Security V1 API class Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy.
The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#ca_pool
def ca_pool() -> ::String
Returns
- (::String) — Required. A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
#ca_pool=
def ca_pool=(value) -> ::String
Parameter
- value (::String) — Required. A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
Returns
- (::String) — Required. A CA pool resource used to issue interception certificates. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}".
#create_time
def create_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — Output only. The timestamp when the resource was created.
#custom_tls_features
def custom_tls_features() -> ::Array<::String>
Returns
- (::Array<::String>) — Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The [compute.SslPoliciesService.ListAvailableFeatures][] method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
#custom_tls_features=
def custom_tls_features=(value) -> ::Array<::String>
Parameter
- value (::Array<::String>) — Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The [compute.SslPoliciesService.ListAvailableFeatures][] method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
Returns
- (::Array<::String>) — Optional. List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The [compute.SslPoliciesService.ListAvailableFeatures][] method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.
#description
def description() -> ::String
Returns
- (::String) — Optional. Free-text description of the resource.
#description=
def description=(value) -> ::String
Parameter
- value (::String) — Optional. Free-text description of the resource.
Returns
- (::String) — Optional. Free-text description of the resource.
#exclude_public_ca_set
def exclude_public_ca_set() -> ::Boolean
Returns
- (::Boolean) — Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
#exclude_public_ca_set=
def exclude_public_ca_set=(value) -> ::Boolean
Parameter
- value (::Boolean) — Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
Returns
- (::Boolean) — Optional. If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trust_config. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trust_config will be accepted. This defaults to FALSE (use public CAs in addition to trust_config) for backwards compatibility, but trusting public root CAs is not recommended unless the traffic in question is outbound to public web servers. When possible, prefer setting this to "false" and explicitly specifying trusted CAs and certificates in a TrustConfig. Note that Secure Web Proxy does not yet honor this field.
#min_tls_version
def min_tls_version() -> ::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::TlsVersion
Returns
- (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::TlsVersion) — Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
#min_tls_version=
def min_tls_version=(value) -> ::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::TlsVersion
Parameter
- value (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::TlsVersion) — Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
Returns
- (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::TlsVersion) — Optional. Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
#name
def name() -> ::String
Returns
- (::String) — Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
#name=
def name=(value) -> ::String
Parameter
- value (::String) — Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
Returns
- (::String) — Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^a-z?$).
#tls_feature_profile
def tls_feature_profile() -> ::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::Profile
Returns
- (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::Profile) — Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
#tls_feature_profile=
def tls_feature_profile=(value) -> ::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::Profile
Parameter
- value (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::Profile) — Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
Returns
- (::Google::Cloud::NetworkSecurity::V1::TlsInspectionPolicy::Profile) — Optional. The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field.
#trust_config
def trust_config() -> ::String
Returns
- (::String) — Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
#trust_config=
def trust_config=(value) -> ::String
Parameter
- value (::String) — Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
Returns
- (::String) — Optional. A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Note that Secure Web Proxy does not yet honor this field.
#update_time
def update_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — Output only. The timestamp when the resource was updated.