When I initiate an HTTPS connection from my pod to another pod, the connection between the sidecar proxies will be Istio mTLS, but will it change my HTTPS connection to TCP, or does HTTPS remain the same and the connection will be HTTPS with Istio mTLS?
I think all the ingress and egress traffic of the pod will go through and be controlled by the sidecar Envoy proxy. To be more specific, a sidecar proxy is attached to the control plane, which manages and configures each sidecar in relation to its designated service. All network traffic from an individual service is filtered through the sidecar proxy, which operates as its own infrastructure layer.
Also, you can check some FAQs here: https://istio.io/latest/faq/security/
Thanks @William_Li. Could you advise on the below issue if possible?
I have enabled mTLS for the mesh globally; sometimes pod-to-pod communication fails with the below error. I have not enabled istio_cni. This gets fixed if I restart the istio-pilot deployment. I am getting this issue very frequently.
upstream_transport_failure_reason":"TLS error: 268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
Hi Dinesh,
mTLS is mutual TLS, which encrypts the connection automatically; you do not have to use HTTPS. If you are using HTTPS then it is as good as asking for the proper certificates. Try with HTTP, and to check if mTLS is enabled you can try to take a tcpdump and see if you can sniff into it.
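Reading a tcpdump of pod-to-pod traffic the way the last reply suggests, as an added example that is not part of this thread: a small Python classifier that tells a TLS record header (what you see between sidecars once Istio mTLS is on, whether the app sent HTTP or HTTPS) from a plaintext HTTP request line, and shows the record-version bytes a TLS endpoint is complaining about behind WRONG_VERSION_NUMBER when plaintext arrives at a TLS listener. The sample payloads are constructed.

```python
# Added example (not from the thread): classify the first bytes of a captured
# TCP payload so a tcpdump of pod-to-pod traffic can be read at a glance.
# With Istio mTLS on, every segment between sidecars starts with a TLS record
# header, whether the app spoke HTTP or HTTPS; with mTLS off and plain HTTP,
# the first bytes are an HTTP request line. The OpenSSL error in the thread,
# WRONG_VERSION_NUMBER, is what a TLS endpoint raises when those header bytes
# do not carry a TLS version, e.g. when plaintext HTTP reaches a TLS listener.
from typing import Optional, Tuple

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HTTP_PREFIXES = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ",
                 b"OPTIONS ", b"PATCH ", b"HTTP/1.")


def parse_tls_record_header(data: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (content_type, version, length) from the first 5 bytes, or None."""
    if len(data) < 5:
        return None
    return data[0], int.from_bytes(data[1:3], "big"), int.from_bytes(data[3:5], "big")


def classify_payload(data: bytes) -> str:
    """'tls:<type>' for a well-formed TLS record header, 'plaintext-http' for an
    HTTP/1.x request or status line, otherwise 'unknown'."""
    hdr = parse_tls_record_header(data)
    # Record-layer version is 0x0301..0x0304 (TLS 1.0 through TLS 1.3 on the wire).
    if hdr and hdr[0] in TLS_CONTENT_TYPES and 0x0301 <= hdr[1] <= 0x0304:
        return f"tls:{TLS_CONTENT_TYPES[hdr[0]]}"
    if data.startswith(HTTP_PREFIXES):
        return "plaintext-http"
    return "unknown"


def wrong_version_reason(data: bytes) -> Optional[str]:
    """Explain a WRONG_VERSION_NUMBER the way a TLS endpoint sees it: the bytes
    it parsed as the record version. None when the header carries a valid TLS version."""
    hdr = parse_tls_record_header(data)
    if hdr is None:
        return "fewer than 5 bytes, no record header"
    if 0x0301 <= hdr[1] <= 0x0304:
        return None
    return f"record version bytes 0x{hdr[1]:04x} are not a TLS version"


# Constructed samples: a TLS ClientHello record header followed by dummy
# handshake bytes (length field 0x0010 = 16 matches the 16 bytes that follow),
# and a plaintext HTTP request as an app would send it without HTTPS.
SAMPLE_TLS = b"\x16\x03\x01\x00\x10" + b"\x01\x00\x00\x0c" + b"\x03\x03" + b"\x00" * 10
SAMPLE_HTTP = b"GET /healthz HTTP/1.1\r\nHost: svc.default.svc.cluster.local\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP)):
        print(name, classify_payload(sample), wrong_version_reason(sample))
```

Feed it the payload bytes of the first segment after the TCP handshake (for example from `tcpdump -w` parsed with a pcap library); the "GET " case reports version 0x4554, the letters "ET" read as a TLS version, which is the shape of the error in the thread.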