Is there a way I can confirm from Istio logs that the sidecar communications are really mTLS?
The connection.mtls property on the server should tell you if the connection has TLS and the peer presented its certificate. It does not tell you that the server or the client checked the certificate, but it’s a good enough approximation.
Thanks Kuat. We are trying to show our security team that it is really mTLS, so is there a way in the logs I can check that the connection was mTLS?
You can also use tcpdump to check that the traffic is encrypted; that’s the ultimate source of truth of using mTLS.
Also, I believe if you turn on debug logging in Envoy, there should be some logging for the TLS connection from both Envoy and the Istio authn filter.
In Kiali, you can show the dashboard/graph, which shows a “lock” on the communication.
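
An added example, not from any poster in this thread, of what the tcpdump suggestion above can and cannot show: given the raw TCP payload bytes of one direction of a sidecar-to-sidecar connection (extracting them from the capture is assumed done), it tells TLS from plaintext HTTP and reports whether the server asked for a client certificate. All function names and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types and handshake message types used below (RFC 5246 / RFC 8446).
CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22
CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 13, 14
HTTP_PREFIXES = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"PATCH ",
                 b"OPTIONS ", b"HTTP/1.", b"PRI * HTTP/2.0")

def classify_payload(payload: bytes) -> str:
    """Label the first bytes of one direction of a TCP stream."""
    if payload.startswith(HTTP_PREFIXES):
        return "plaintext-http"
    if len(payload) >= 5:
        ctype, major, _minor, length = struct.unpack("!BBBH", payload[:5])
        if 20 <= ctype <= 23 and major == 3 and 0 < length <= 0x4800:
            return "tls"
    return "unknown"

def handshake_types(stream: bytes) -> list:
    """Handshake message types readable in clear, in order, up to ChangeCipherSpec."""
    buf, off = b"", 0
    while off + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack("!BBBH", stream[off:off + 5])
        if major != 3 or ctype == CHANGE_CIPHER_SPEC or off + 5 + length > len(stream):
            break  # not TLS, encrypted from here on, or truncated capture
        if ctype == HANDSHAKE:
            buf += stream[off + 5:off + 5 + length]
        off += 5 + length
    seen, pos = [], 0  # handshake header: 1-byte type, 3-byte length
    while pos + 4 <= len(buf):
        seen.append(buf[pos])
        pos += 4 + int.from_bytes(buf[pos + 1:pos + 4], "big")
    return seen

def client_cert_requested(server_stream: bytes):
    """True/False when the handshake is in clear (TLS 1.2 style), None otherwise."""
    types = handshake_types(server_stream)
    if SERVER_HELLO_DONE not in types:
        return None  # TLS 1.3 or resumption: any CertificateRequest is encrypted
    return CERTIFICATE_REQUEST in types

# Constructed server-to-client samples; bodies are dummy filler, not real captures.
def _record(ctype, body):
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body
def _hs(htype, body=b""):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body
TLS12_MUTUAL = _record(22, _hs(2, b"\0" * 38) + _hs(11, b"\0" * 10) + _hs(13, b"\0" * 4) + _hs(14))
TLS12_ONEWAY = _record(22, _hs(2, b"\0" * 38) + _hs(11, b"\0" * 10) + _hs(14))
TLS13_LIKE = _record(22, _hs(2, b"\0" * 38)) + _record(20, b"\x01") + _record(23, b"\xaa" * 32)
```

A result of None means the capture proves encryption but not mutual authentication, because the certificate exchange itself is encrypted; the connection.mtls property or the Envoy debug logs mentioned above are then the place to look.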