Is this a BUG or FEATURE REQUEST?:
Feature request
Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?:
Bug:
N
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
istioctl version 0.7.1
kubectl version 1.10.1
Is Istio Auth enabled or not ?
Did you install the stable istio.yaml, istio-auth.yaml.... or if using the Helm chart please provide full command line input.
Yes, stable version istio 1.7.1 is installed
What happened:
I am trying to prove to the Enterprise Security team that Envoy containers are doing the mTLS handshake in Istio. But I am not able to find the right tool or procedure to showcase the actual TLS handshake logs between Envoy, or some way of visualizing it. Earlier we were using certificates bundled within our pods or JVM, and I was able to showcase and prove the actual handshake between services through the JVM SSL debug logs. This is required for me to recommend Istio in our environment for handling secure transactions between services.
What you expected to happen: https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html .. Something similar should be there to prove that mTLS is there...
I understand that there is a document to verify mTLS from Istio-Proxy, but it doesn't show the handshake details between Envoy proxies: https://istio.io/docs/tasks/security/mutual-tls.html#testing-the-authentication-setup
How to reproduce it:
Feature Request: Y
Describe the feature: