Enum TargetHttpsProxy.TlsEarlyData (1.66.0)

public enum TargetHttpsProxy.TlsEarlyData extends Enum<TargetHttpsProxy.TlsEarlyData> implements ProtocolMessageEnum

Specifies whether TLS 1.3 0-RTT Data ("Early Data") should be accepted for this service. Early Data allows a TLS resumption handshake to include the initial application payload (an HTTP request) alongside the handshake, reducing the effective round trips to "zero". This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). This can improve application performance, especially on networks where interruptions may be common, such as on mobile.

Requests with Early Data will have the "Early-Data" HTTP header set on the request, with a value of "1", to allow the backend to determine whether Early Data was included.

Note: TLS Early Data may allow requests to be replayed, as the data is sent to the backend before the handshake has fully completed. Applications that allow idempotent HTTP methods to make non-idempotent changes, such as a GET request updating a database, should not accept Early Data on those requests, and should reject requests with the "Early-Data: 1" HTTP header by returning an HTTP 425 (Too Early) status code, in order to remain RFC compliant.

The default value is DISABLED.
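
A backend-side check for the replay note above, as an added example that is not part of the client library or its documentation: it answers 425 to requests carrying "Early-Data: 1" unless they use a safe method on a path with no side effects. The class name, the listed paths and the listen address are assumptions; the server is the JDK's built-in com.sun.net.httpserver.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class EarlyDataGuard implements HttpHandler {
  // Assumption: paths where a GET changes server state (hypothetical examples).
  private static final Set<String> STATE_CHANGING_PATHS = Set.of("/unsubscribe", "/cart/add");
  private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS", "TRACE");

  private final HttpHandler next;

  public EarlyDataGuard(HttpHandler next) { this.next = next; }

  /** True when the request was marked as Early Data and must not be processed. */
  static boolean mustReject(String method, String path, String earlyDataHeader) {
    boolean early = earlyDataHeader != null && earlyDataHeader.trim().equals("1");
    if (!early) return false;
    // Non-safe methods are refused outright; safe methods only pass on side-effect-free paths.
    return !SAFE_METHODS.contains(method) || STATE_CHANGING_PATHS.contains(path);
  }

  @Override
  public void handle(HttpExchange ex) throws IOException {
    String early = ex.getRequestHeaders().getFirst("Early-Data");
    if (mustReject(ex.getRequestMethod(), ex.getRequestURI().getPath(), early)) {
      ex.sendResponseHeaders(425, -1); // 425 Too Early, no response body
      ex.close();
      return;
    }
    next.handle(ex);
  }

  public static void main(String[] args) throws IOException {
    HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
    server.createContext("/", new EarlyDataGuard(ex -> {
      byte[] body = "ok\n".getBytes(StandardCharsets.UTF_8);
      ex.sendResponseHeaders(200, body.length);
      ex.getResponseBody().write(body);
      ex.close();
    }));
    server.start();
  }
}
```

A check like this matters most in PERMISSIVE mode, where the proxy forwards Early Data on any safe-method request and leaves path-level validation to the application.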

Protobuf enum google.cloud.compute.v1.TargetHttpsProxy.TlsEarlyData

Implements

ProtocolMessageEnum

Static Fields

Name Description
DISABLED

TLS 1.3 Early Data is not advertised, and any (invalid) attempts to send Early Data will be rejected by closing the connection.

DISABLED = 516696700;

DISABLED_VALUE

TLS 1.3 Early Data is not advertised, and any (invalid) attempts to send Early Data will be rejected by closing the connection.

DISABLED = 516696700;

PERMISSIVE

This enables TLS 1.3 0-RTT, and only allows Early Data to be included on requests with safe HTTP methods (GET, HEAD, OPTIONS, TRACE). This mode does not enforce any other limitations for requests with Early Data. The application owner should validate that Early Data is acceptable for a given request path.

PERMISSIVE = 504345247;

PERMISSIVE_VALUE

This enables TLS 1.3 0-RTT, and only allows Early Data to be included on requests with safe HTTP methods (GET, HEAD, OPTIONS, TRACE). This mode does not enforce any other limitations for requests with Early Data. The application owner should validate that Early Data is acceptable for a given request path.

PERMISSIVE = 504345247;

STRICT

This enables TLS 1.3 0-RTT, and only allows Early Data to be included on requests with safe HTTP methods (GET, HEAD, OPTIONS, TRACE) without query parameters. Requests that send Early Data with non-idempotent HTTP methods or with query parameters will be rejected with an HTTP 425.

STRICT = 308826825;

STRICT_VALUE

This enables TLS 1.3 0-RTT, and only allows Early Data to be included on requests with safe HTTP methods (GET, HEAD, OPTIONS, TRACE) without query parameters. Requests that send Early Data with non-idempotent HTTP methods or with query parameters will be rejected with an HTTP 425.

STRICT = 308826825;

UNDEFINED_TLS_EARLY_DATA

A value indicating that the enum field is not set.

UNDEFINED_TLS_EARLY_DATA = 0;

UNDEFINED_TLS_EARLY_DATA_VALUE

A value indicating that the enum field is not set.

UNDEFINED_TLS_EARLY_DATA = 0;

UNRECOGNIZED

UNRESTRICTED

This enables TLS 1.3 Early Data for requests with any HTTP method, including non-idempotent methods like POST. This mode does not enforce any other limitations. This may be valuable for gRPC use cases. However, we do not recommend this method unless you have evaluated your security stance and mitigated the risk of replay attacks using other mechanisms.

UNRESTRICTED = 457266100;

UNRESTRICTED_VALUE

This enables TLS 1.3 Early Data for requests with any HTTP method, including non-idempotent methods like POST. This mode does not enforce any other limitations. This may be valuable for gRPC use cases. However, we do not recommend this method unless you have evaluated your security stance and mitigated the risk of replay attacks using other mechanisms.

UNRESTRICTED = 457266100;

Static Methods

Name Description
forNumber(int value)
getDescriptor()
internalGetValueMap()
valueOf(Descriptors.EnumValueDescriptor desc)
valueOf(int value)

Deprecated. Use #forNumber(int) instead.

valueOf(String name)
values()

Methods

Name Description
getDescriptorForType()
getNumber()
getValueDescriptor()