Tls (common.tls) Configuration

Configuration options

Table 1. Optional configuration options
key	type	default value	description
`cipher-suite`	string[]		Enabled cipher suites for TLS communication.
`client-auth`	TlsClientAuth (REQUIRED, OPTIONAL, NONE)	`TlsClientAuth.NONE`	Configure requirement for mutual TLS. Allowed values: `REQUIRED`: Mutual TLS is required. Server MUST present a certificate trusted by the client, client MUST present a certificate trusted by the server. This implies private key and trust configuration for both server and client. `OPTIONAL`: Mutual TLS is optional. Server MUST present a certificate trusted by the client, client MAY present a certificate trusted by the server. This implies private key configuration at least for server, trust configuration for at least client. `NONE`: Mutual TLS is disabled. Server MUST present a certificate trusted by the client, client does not present a certificate. This implies private key configuration for server, trust configuration for client.
`enabled`	boolean	`true`	Flag indicating whether Tls is enabled.
`endpoint-identification-algorithm`	string	`HTTPS`	Identification algorithm for SSL endpoints.
`internal-keystore-provider`	string		Provider of the key stores used internally to create a key and trust manager factories.
`internal-keystore-type`	string		Type of the key stores used internally to create a key and trust manager factories.
`key-manager-factory-algorithm`	string		Algorithm of the key manager factory used when private key is defined. Defaults to javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm().
`manager`	io.helidon.common.tls.TlsManager (service provider interface)		The Tls manager. If one is not explicitly defined in the config then a default manager will be created. See ConfiguredTlsManager
`private-key`	PrivateKey		Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
`protocol`	string	`TLS`	Configure the protocol used to obtain an instance of javax.net.ssl.SSLContext.
`protocols`	string[]		Enabled protocols for TLS communication. Example of valid values for `TLS` protocol: `TLSv1.3`, `TLSv1.2`
`provider`	string		Use explicit provider to obtain an instance of javax.net.ssl.SSLContext.
`revocation`	RevocationConfig		Certificate revocation check configuration.
`secure-random-algorithm`	string		Algorithm to use when creating a new secure random.
`secure-random-provider`	string		Provider to use when creating a new secure random. When defined, secureRandomAlgorithm() must be defined as well.
`session-cache-size`	int	`20480`	SSL session cache size.
`session-timeout`	Duration	`PT24H`	SSL session timeout.
`trust`	X509Certificate[]		List of certificates that form the trust manager.
`trust-all`	boolean	`false`	Trust any certificate provided by the other side of communication. This is a dangerous setting: if set to `true`, any certificate will be accepted, throwing away most of the security advantages of TLS. NEVER do this in production.
`trust-manager-factory-algorithm`	string		Trust manager factory algorithm.