Interface CfnTLSInspectionConfiguration.CheckCertificateRevocationStatusProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnTLSInspectionConfiguration.CheckCertificateRevocationStatusProperty.Jsii$Proxy
- Enclosing class:
CfnTLSInspectionConfiguration
@Stability(Stable)
public static interface CfnTLSInspectionConfiguration.CheckCertificateRevocationStatusProperty
extends software.amazon.jsii.JsiiSerializable
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.
If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn
in ServerCertificateConfiguration .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.networkfirewall.*; CheckCertificateRevocationStatusProperty checkCertificateRevocationStatusProperty = CheckCertificateRevocationStatusProperty.builder() .revokedStatusAction("revokedStatusAction") .unknownStatusAction("unknownStatusAction") .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
static final class
An implementation forCfnTLSInspectionConfiguration.CheckCertificateRevocationStatusProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default String
Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.default String
Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getRevokedStatusAction
Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.- PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
- DROP - Network Firewall closes the connection and drops subsequent packets for that connection.
- REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection.
REJECT
is available only for TCP traffic.
- See Also:
-
getUnknownStatusAction
Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.- PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
- DROP - Network Firewall closes the connection and drops subsequent packets for that connection.
- REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection.
REJECT
is available only for TCP traffic.
- See Also:
-
builder
@Stability(Stable) static CfnTLSInspectionConfiguration.CheckCertificateRevocationStatusProperty.Builder builder()
-