Is there a way I can confirm from istio logs that the sidecar communications are really mTLS

Dinesh3467 · December 13, 2019, 10:16am

kuat · December 13, 2019, 8:51pm

connection.mtls property on the server should tell you if connection has TLS and the peer presented its certificate. It does not tell you that the server or the client checked the certificate, but it’s a good enough approximation.

Dinesh3467 · December 13, 2019, 11:07pm

Thanks Kuat, We are trying to show to our security team that it is really mTLS. so is there a way in the logs I can check the connection was mTLS

YangminZhu · December 14, 2019, 12:31am

you can also use tcpdump to check the traffic are encrypted, that’s ultimate source of truth of using mTLS.
Also I believe if you turn on the debug logging in enovy, there should be some logging for the TLS connection from both Envoy and the istio authn filter.

senthilrr · December 14, 2019, 8:44pm

In the Kiali, you can show the dashboard/graph which shows “lock” between the communication.

Topic		Replies	Views
Sidecar to Service communication Security	6	1545	April 26, 2019
Verifying mTLS between services	8	11829	January 26, 2021
Envoy's access log and mTLS verification Networking security	1	1333	December 18, 2022
Istio get mTLS version	7	1170	September 29, 2022
Istio pod to pod mTLS Security	3	2177	July 2, 2020

Is there a way I can confirm from istio logs that the sidecar communications are really mTLS

Related Topics