Istio get mTLS version



There is a way to get the mTLS version?


For sidecar, I think we don’t allow to specify the mTLS version in authentication policy. So we’re actually using the default value from Envoy:

For gateway, you can specify it here:


I mean if there way to get it from the out of process mixer(like the attribute vocabulary)


I’m not sure if we have metric for this. @kuat, @douglas-reid may know more about this from the mixer side.


Not at the moment. There is connection.mtls boolean property, but that’s not enough information.
I don’t imagine it’s hard to add more mTLS properties as attributes. Please file a feature request in istio for tracking.


I open a feature request (link).