envoyproxy · arkodg · Jan 10, 2024 · Jan 10, 2024
@@ -10,26 +10,24 @@ package v1alpha1
 type TLSSettings struct {
 
 	// Min specifies the minimal TLS protocol version to allow.
-	//
 	// The default is TLS 1.2 if this is not specified.
+	//
 	// +optional
 	MinVersion *TLSVersion `json:"minVersion,omitempty"`
 
 	// Max specifies the maximal TLS protocol version to allow
-	//
 	// The default is TLS 1.3 if this is not specified.
+	//
 	// +optional
 	MaxVersion *TLSVersion `json:"maxVersion,omitempty"`
 
 	// Ciphers specifies the set of cipher suites supported when
 	// negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
-	//
 	// In non-FIPS Envoy Proxy builds the default cipher list is:
 	// - [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
 	// - [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
 	// - ECDHE-ECDSA-AES256-GCM-SHA384
 	// - ECDHE-RSA-AES256-GCM-SHA384
-	//
 	// In builds using BoringSSL FIPS the default cipher list is:
 	// - ECDHE-ECDSA-AES128-GCM-SHA256
 	// - ECDHE-RSA-AES128-GCM-SHA256
@@ -43,7 +41,6 @@ type TLSSettings struct {
 	// In non-FIPS Envoy Proxy builds the default curves are:
 	// - X25519
 	// - P-256
-	//
 	// In builds using BoringSSL FIPS the default curve is:
 	// - P-256
 	//
@@ -58,7 +55,6 @@ type TLSSettings struct {
 
 	// ALPNProtocols supplies the list of ALPN protocols that should be
 	// exposed by the listener. By default h2 and http/1.1 are enabled.
-	//
 	// Supported values are:
 	// - http/1.0
 	// - http/1.1

@@ -162,10 +162,9 @@ spec:
                   the downstream client.
                 properties:
                   alpnProtocols:
-                    description: "ALPNProtocols supplies the list of ALPN protocols
+                    description: 'ALPNProtocols supplies the list of ALPN protocols
                       that should be exposed by the listener. By default h2 and http/1.1
-                      are enabled. \n Supported values are: - http/1.0 - http/1.1
-                      - h2"
+                      are enabled. Supported values are: - http/1.0 - http/1.1 - h2'
                     items:
                       description: ALPNProtocol specifies the protocol to be negotiated
                         using ALPN
@@ -176,29 +175,29 @@ spec:
                       type: string
                     type: array
                   ciphers:
-                    description: "Ciphers specifies the set of cipher suites supported
+                    description: 'Ciphers specifies the set of cipher suites supported
                       when negotiating TLS 1.0 - 1.2. This setting has no effect for
-                      TLS 1.3. \n In non-FIPS Envoy Proxy builds the default cipher
-                      list is: - [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
+                      TLS 1.3. In non-FIPS Envoy Proxy builds the default cipher list
+                      is: - [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
                       - [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
                       - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384
-                      \n In builds using BoringSSL FIPS the default cipher list is:
-                      - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
-                      - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384"
+                      In builds using BoringSSL FIPS the default cipher list is: -
+                      ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
+                      - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384'
                     items:
                       type: string
                     type: array
                   ecdhCurves:
-                    description: "ECDHCurves specifies the set of supported ECDH curves.
+                    description: 'ECDHCurves specifies the set of supported ECDH curves.
                       In non-FIPS Envoy Proxy builds the default curves are: - X25519
-                      - P-256 \n In builds using BoringSSL FIPS the default curve
-                      is: - P-256"
+                      - P-256 In builds using BoringSSL FIPS the default curve is:
+                      - P-256'
                     items:
                       type: string
                     type: array
                   maxVersion:
-                    description: "Max specifies the maximal TLS protocol version to
-                      allow \n The default is TLS 1.3 if this is not specified."
+                    description: Max specifies the maximal TLS protocol version to
+                      allow The default is TLS 1.3 if this is not specified.
                     enum:
                     - Auto
                     - "1.0"
@@ -207,8 +206,8 @@ spec:
                     - "1.3"
                     type: string
                   minVersion:
-                    description: "Min specifies the minimal TLS protocol version to
-                      allow. \n The default is TLS 1.2 if this is not specified."
+                    description: Min specifies the minimal TLS protocol version to
+                      allow. The default is TLS 1.2 if this is not specified.
                     enum:
                     - Auto
                     - "1.0"

@@ -2010,18 +2010,12 @@ _Appears in:_
 
 | Field | Description |
 | --- | --- |
-| `minVersion` _[TLSVersion](#tlsversion)_ | Min specifies the minimal TLS protocol version to allow. 
- The default is TLS 1.2 if this is not specified. |
-| `maxVersion` _[TLSVersion](#tlsversion)_ | Max specifies the maximal TLS protocol version to allow 
- The default is TLS 1.3 if this is not specified. |
-| `ciphers` _string array_ | Ciphers specifies the set of cipher suites supported when negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3. 
- In non-FIPS Envoy Proxy builds the default cipher list is: - [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] - [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 
- In builds using BoringSSL FIPS the default cipher list is: - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 |
-| `ecdhCurves` _string array_ | ECDHCurves specifies the set of supported ECDH curves. In non-FIPS Envoy Proxy builds the default curves are: - X25519 - P-256 
- In builds using BoringSSL FIPS the default curve is: - P-256 |
+| `minVersion` _[TLSVersion](#tlsversion)_ | Min specifies the minimal TLS protocol version to allow. The default is TLS 1.2 if this is not specified. |
+| `maxVersion` _[TLSVersion](#tlsversion)_ | Max specifies the maximal TLS protocol version to allow The default is TLS 1.3 if this is not specified. |
+| `ciphers` _string array_ | Ciphers specifies the set of cipher suites supported when negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3. In non-FIPS Envoy Proxy builds the default cipher list is: - [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] - [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 In builds using BoringSSL FIPS the default cipher list is: - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 |
+| `ecdhCurves` _string array_ | ECDHCurves specifies the set of supported ECDH curves. In non-FIPS Envoy Proxy builds the default curves are: - X25519 - P-256 In builds using BoringSSL FIPS the default curve is: - P-256 |
 | `signatureAlgorithms` _string array_ | SignatureAlgorithms specifies which signature algorithms the listener should support. |
-| `alpnProtocols` _[ALPNProtocol](#alpnprotocol) array_ | ALPNProtocols supplies the list of ALPN protocols that should be exposed by the listener. By default h2 and http/1.1 are enabled. 
- Supported values are: - http/1.0 - http/1.1 - h2 |
+| `alpnProtocols` _[ALPNProtocol](#alpnprotocol) array_ | ALPNProtocols supplies the list of ALPN protocols that should be exposed by the listener. By default h2 and http/1.1 are enabled. Supported values are: - http/1.0 - http/1.1 - h2 |
 
 
 #### TLSVersion