|
| 1 | +<?php |
| 2 | + |
| 3 | +// DO NOT EDIT, this is an Auto-generated file from script/semantic-conventions |
| 4 | + |
| 5 | +declare(strict_types=1); |
| 6 | + |
| 7 | +namespace OpenTelemetry\SemConv\Incubating\Attributes; |
| 8 | + |
| 9 | +/** |
| 10 | + * Semantic attributes and corresponding values for tls. |
| 11 | + * @see https://opentelemetry.io/docs/specs/semconv/registry/attributes/tls/ |
| 12 | + * May contain @experimental Semantic Conventions which may change or be removed in the future. |
| 13 | + */ |
| 14 | +interface TlsIncubatingAttributes |
| 15 | +{ |
| 16 | + /** |
| 17 | + * String indicating the [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5) used during the current connection. |
| 18 | + * |
| 19 | + * The values allowed for `tls.cipher` MUST be one of the `Descriptions` of the [registered TLS Cipher Suits](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#table-tls-parameters-4). |
| 20 | + * |
| 21 | + * @experimental |
| 22 | + */ |
| 23 | + public const TLS_CIPHER = 'tls.cipher'; |
| 24 | + |
| 25 | + /** |
| 26 | + * PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. |
| 27 | + * |
| 28 | + * @experimental |
| 29 | + */ |
| 30 | + public const TLS_CLIENT_CERTIFICATE = 'tls.client.certificate'; |
| 31 | + |
| 32 | + /** |
| 33 | + * Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. |
| 34 | + * |
| 35 | + * @experimental |
| 36 | + */ |
| 37 | + public const TLS_CLIENT_CERTIFICATE_CHAIN = 'tls.client.certificate_chain'; |
| 38 | + |
| 39 | + /** |
| 40 | + * Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. |
| 41 | + * |
| 42 | + * @experimental |
| 43 | + */ |
| 44 | + public const TLS_CLIENT_HASH_MD5 = 'tls.client.hash.md5'; |
| 45 | + |
| 46 | + /** |
| 47 | + * Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. |
| 48 | + * |
| 49 | + * @experimental |
| 50 | + */ |
| 51 | + public const TLS_CLIENT_HASH_SHA1 = 'tls.client.hash.sha1'; |
| 52 | + |
| 53 | + /** |
| 54 | + * Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. |
| 55 | + * |
| 56 | + * @experimental |
| 57 | + */ |
| 58 | + public const TLS_CLIENT_HASH_SHA256 = 'tls.client.hash.sha256'; |
| 59 | + |
| 60 | + /** |
| 61 | + * Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client. |
| 62 | + * |
| 63 | + * @experimental |
| 64 | + */ |
| 65 | + public const TLS_CLIENT_ISSUER = 'tls.client.issuer'; |
| 66 | + |
| 67 | + /** |
| 68 | + * A hash that identifies clients based on how they perform an SSL/TLS handshake. |
| 69 | + * |
| 70 | + * @experimental |
| 71 | + */ |
| 72 | + public const TLS_CLIENT_JA3 = 'tls.client.ja3'; |
| 73 | + |
| 74 | + /** |
| 75 | + * Date/Time indicating when client certificate is no longer considered valid. |
| 76 | + * |
| 77 | + * @experimental |
| 78 | + */ |
| 79 | + public const TLS_CLIENT_NOT_AFTER = 'tls.client.not_after'; |
| 80 | + |
| 81 | + /** |
| 82 | + * Date/Time indicating when client certificate is first considered valid. |
| 83 | + * |
| 84 | + * @experimental |
| 85 | + */ |
| 86 | + public const TLS_CLIENT_NOT_BEFORE = 'tls.client.not_before'; |
| 87 | + |
| 88 | + /** |
| 89 | + * Distinguished name of subject of the x.509 certificate presented by the client. |
| 90 | + * |
| 91 | + * @experimental |
| 92 | + */ |
| 93 | + public const TLS_CLIENT_SUBJECT = 'tls.client.subject'; |
| 94 | + |
| 95 | + /** |
| 96 | + * Array of ciphers offered by the client during the client hello. |
| 97 | + * |
| 98 | + * @experimental |
| 99 | + */ |
| 100 | + public const TLS_CLIENT_SUPPORTED_CIPHERS = 'tls.client.supported_ciphers'; |
| 101 | + |
| 102 | + /** |
| 103 | + * String indicating the curve used for the given cipher, when applicable |
| 104 | + * |
| 105 | + * @experimental |
| 106 | + */ |
| 107 | + public const TLS_CURVE = 'tls.curve'; |
| 108 | + |
| 109 | + /** |
| 110 | + * Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. |
| 111 | + * |
| 112 | + * @experimental |
| 113 | + */ |
| 114 | + public const TLS_ESTABLISHED = 'tls.established'; |
| 115 | + |
| 116 | + /** |
| 117 | + * String indicating the protocol being tunneled. Per the values in the [IANA registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. |
| 118 | + * |
| 119 | + * @experimental |
| 120 | + */ |
| 121 | + public const TLS_NEXT_PROTOCOL = 'tls.next_protocol'; |
| 122 | + |
| 123 | + /** |
| 124 | + * Normalized lowercase protocol name parsed from original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values) |
| 125 | + * |
| 126 | + * @experimental |
| 127 | + */ |
| 128 | + public const TLS_PROTOCOL_NAME = 'tls.protocol.name'; |
| 129 | + |
| 130 | + /** |
| 131 | + * @experimental |
| 132 | + */ |
| 133 | + public const TLS_PROTOCOL_NAME_VALUE_SSL = 'ssl'; |
| 134 | + |
| 135 | + /** |
| 136 | + * @experimental |
| 137 | + */ |
| 138 | + public const TLS_PROTOCOL_NAME_VALUE_TLS = 'tls'; |
| 139 | + |
| 140 | + /** |
| 141 | + * Numeric part of the version parsed from the original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values) |
| 142 | + * |
| 143 | + * @experimental |
| 144 | + */ |
| 145 | + public const TLS_PROTOCOL_VERSION = 'tls.protocol.version'; |
| 146 | + |
| 147 | + /** |
| 148 | + * Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. |
| 149 | + * |
| 150 | + * @experimental |
| 151 | + */ |
| 152 | + public const TLS_RESUMED = 'tls.resumed'; |
| 153 | + |
| 154 | + /** |
| 155 | + * PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. |
| 156 | + * |
| 157 | + * @experimental |
| 158 | + */ |
| 159 | + public const TLS_SERVER_CERTIFICATE = 'tls.server.certificate'; |
| 160 | + |
| 161 | + /** |
| 162 | + * Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. |
| 163 | + * |
| 164 | + * @experimental |
| 165 | + */ |
| 166 | + public const TLS_SERVER_CERTIFICATE_CHAIN = 'tls.server.certificate_chain'; |
| 167 | + |
| 168 | + /** |
| 169 | + * Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. |
| 170 | + * |
| 171 | + * @experimental |
| 172 | + */ |
| 173 | + public const TLS_SERVER_HASH_MD5 = 'tls.server.hash.md5'; |
| 174 | + |
| 175 | + /** |
| 176 | + * Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. |
| 177 | + * |
| 178 | + * @experimental |
| 179 | + */ |
| 180 | + public const TLS_SERVER_HASH_SHA1 = 'tls.server.hash.sha1'; |
| 181 | + |
| 182 | + /** |
| 183 | + * Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. |
| 184 | + * |
| 185 | + * @experimental |
| 186 | + */ |
| 187 | + public const TLS_SERVER_HASH_SHA256 = 'tls.server.hash.sha256'; |
| 188 | + |
| 189 | + /** |
| 190 | + * Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client. |
| 191 | + * |
| 192 | + * @experimental |
| 193 | + */ |
| 194 | + public const TLS_SERVER_ISSUER = 'tls.server.issuer'; |
| 195 | + |
| 196 | + /** |
| 197 | + * A hash that identifies servers based on how they perform an SSL/TLS handshake. |
| 198 | + * |
| 199 | + * @experimental |
| 200 | + */ |
| 201 | + public const TLS_SERVER_JA3S = 'tls.server.ja3s'; |
| 202 | + |
| 203 | + /** |
| 204 | + * Date/Time indicating when server certificate is no longer considered valid. |
| 205 | + * |
| 206 | + * @experimental |
| 207 | + */ |
| 208 | + public const TLS_SERVER_NOT_AFTER = 'tls.server.not_after'; |
| 209 | + |
| 210 | + /** |
| 211 | + * Date/Time indicating when server certificate is first considered valid. |
| 212 | + * |
| 213 | + * @experimental |
| 214 | + */ |
| 215 | + public const TLS_SERVER_NOT_BEFORE = 'tls.server.not_before'; |
| 216 | + |
| 217 | + /** |
| 218 | + * Distinguished name of subject of the x.509 certificate presented by the server. |
| 219 | + * |
| 220 | + * @experimental |
| 221 | + */ |
| 222 | + public const TLS_SERVER_SUBJECT = 'tls.server.subject'; |
| 223 | + |
| 224 | +} |
0 commit comments