KrakenD · Schema

KrakenD TLS Configuration

TLS configuration for enabling HTTPS on the KrakenD API Gateway, including certificate paths, minimum TLS version, and cipher suite preferences.

AggregationAPI GatewayGoOpen Source

Properties

Name Type Description
public_key string Path to the public key or certificate PEM file.
private_key string Path to the private key PEM file.
min_version string Minimum TLS version accepted.
max_version string Maximum TLS version accepted.
curve_preferences array Elliptic curve preferences for TLS handshake.
prefer_server_cipher_suites boolean Whether to prefer the server cipher suite order.
cipher_suites array List of supported cipher suite IDs.
disabled boolean Disables TLS even when certificate files are present.
enable_mtls boolean Enables mutual TLS authentication.
ca_certs array Paths to CA certificate files for mTLS client verification.
View JSON Schema on GitHub

JSON Schema

tls.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/api-evangelist/krakend/blob/main/json-schema/tls.json",
  "title": "KrakenD TLS Configuration",
  "description": "TLS configuration for enabling HTTPS on the KrakenD API Gateway, including certificate paths, minimum TLS version, and cipher suite preferences.",
  "type": "object",
  "required": ["public_key", "private_key"],
  "properties": {
    "public_key": {
      "type": "string",
      "description": "Path to the public key or certificate PEM file."
    },
    "private_key": {
      "type": "string",
      "description": "Path to the private key PEM file."
    },
    "min_version": {
      "type": "string",
      "enum": ["SSL3.0", "TLS10", "TLS11", "TLS12", "TLS13"],
      "description": "Minimum TLS version accepted."
    },
    "max_version": {
      "type": "string",
      "enum": ["SSL3.0", "TLS10", "TLS11", "TLS12", "TLS13"],
      "description": "Maximum TLS version accepted."
    },
    "curve_preferences": {
      "type": "array",
      "items": {
        "type": "integer"
      },
      "description": "Elliptic curve preferences for TLS handshake."
    },
    "prefer_server_cipher_suites": {
      "type": "boolean",
      "description": "Whether to prefer the server cipher suite order."
    },
    "cipher_suites": {
      "type": "array",
      "items": {
        "type": "integer"
      },
      "description": "List of supported cipher suite IDs."
    },
    "disabled": {
      "type": "boolean",
      "default": false,
      "description": "Disables TLS even when certificate files are present."
    },
    "enable_mtls": {
      "type": "boolean",
      "default": false,
      "description": "Enables mutual TLS authentication."
    },
    "ca_certs": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Paths to CA certificate files for mTLS client verification."
    }
  }
}