Istio get mTLS version


#1

Hi,

Is there a way to get the mTLS version?


#2

For the sidecar, I think we don’t allow specifying the mTLS version in the authentication policy. So we’re actually using the default value from Envoy: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto#auth-tlsparameters

For the gateway, you can specify it here: https://preliminary.istio.io/docs/reference/config/istio.networking.v1alpha3/#Server-TLSOptions-TLSProtocol


#3

I mean, is there a way to get it from the out-of-process Mixer (like the attribute vocabulary)?


#4

I’m not sure if we have a metric for this. @kuat, @douglas-reid may know more about this from the Mixer side.


#5

Not at the moment. There is a connection.mtls boolean property, but that’s not enough information.
I don’t imagine it’s hard to add more mTLS properties as attributes. Please file a feature request in Istio for tracking.


#6

I opened a feature request (link).

Thanks!