Server TLS Policy

A Server TLS Policy in Google Cloud defines the configuration for Transport Layer Security (TLS) settings used by a service. It specifies parameters such as supported TLS versions, allowed cipher suites, and certificate requirements to ensure secure communication between clients and servers. This policy helps enforce consistent security standards across services.

gcp.networksecurity_server_tls_policy

Fields

TitleIDTypeData TypeDescription
_keycorestring
allow_opencoreboolThis field applies only for Traffic Director policies. It is must be set to false for Application Load Balancer policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.
ancestorscorearray<string>
create_timecoretimestampOutput only. The timestamp when the resource was created.
datadog_display_namecorestring
descriptioncorestringFree-text description of the resource.
labelscorearray<string>Set of label tags associated with the resource.
mtls_policycorejsonThis field is required if the policy is used with Application Load Balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections.
namecorestringRequired. Name of the ServerTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
organization_idcorestring
parentcorestring
project_idcorestring
project_numbercorestring
region_idcorestring
resource_namecorestring
server_certificatecorejsonOptional if policy is to be used with Traffic Director. For Application Load Balancers must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with `allow_open` as a permissive mode that allows both plain text and TLS is not supported.
tagscorehstore_csv
update_timecoretimestampOutput only. The timestamp when the resource was updated.
zone_idcorestring