- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 438 for xtls (0.07 sec)
-
pilot/pkg/simulation/traffic.go
} // For simplicity, set SNI automatically for TLS traffic. if c.Sni == "" && (c.TLS == TLS) { c.Sni = c.HostHeader } if c.Path == "" { c.Path = "/" } if c.TLS == "" { c.TLS = Plaintext } if c.Address == "" { // pick a random address, assumption is the test does not care c.Address = "1.3.3.7" } if c.TLS == MTLS && c.Alpn == "" { c.Alpn = protocolToMTLSAlpn(c.Protocol)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 19.4K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls.go
Sni: tls.Sni, } cb.setAutoSniAndAutoSanValidation(c, tls) // Use subject alt names specified in service entry if TLS settings does not have subject alt names. if opts.serviceRegistry == provider.External && len(tls.SubjectAltNames) == 0 { tls = tls.DeepCopy() tls.SubjectAltNames = opts.serviceAccounts } if tls.CredentialName != "" {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 19.2K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
// to handle mTLS vs plaintext and HTTP vs TCP (depending on protocol and PeerAuthentication). var opts []FilterChainMatchOptions mtls := lb.authnBuilder.ForPort(cc.port.TargetPort) // Chain has explicit user TLS config. This can only apply when the TLS mode is DISABLE to avoid conflicts. if cc.tlsSettings != nil && mtls.Mode == model.MTLSDisable {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/options/serving.go
c := net.ListenConfig{} ctls := multipleControls{} if s.PermitPortSharing { ctls = append(ctls, permitPortReuse) } if s.PermitAddressSharing { ctls = append(ctls, permitAddressReuse) } if len(ctls) > 0 { c.Control = ctls.Control } s.Listener, s.BindPort, err = CreateListener(s.BindNetwork, addr, c) if err != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Apr 27 13:08:18 UTC 2024 - 15.9K bytes - Viewed (0) -
docs/logging/README.md
sasl (on|off) set to 'on' to enable SASL authentication tls (on|off) set to 'on' to enable TLS tls_skip_verify (on|off) trust server TLS without verification, defaults to "on" (verify) client_tls_cert (path) path to client certificate for mTLS auth client_tls_key (path) path to client key for mTLS auth
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Thu May 09 17:15:03 UTC 2024 - 10.4K bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/lds.go
// auto-mtls label is set - clients will attempt to connect using mtls, and // gRPC doesn't support permissive. if node.Labels[label.SecurityTlsMode.Name] == "istio" && mode == model.MTLSPermissive { mode = model.MTLSStrict } var tlsContext *tls.DownstreamTlsContext if mode != model.MTLSDisable && mode != model.MTLSUnknown { tlsContext = &tls.DownstreamTlsContext{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 14.6K bytes - Viewed (0) -
tests/integration/security/reachability_test.go
expectCrossNetwork: never, expectSuccess: always, }, // --------start of auto mtls partial test cases --------------- // The follow three consecutive test together ensures the auto mtls works as intended // for sidecar migration scenario. { name: "migration no tls", configs: config.Sources{ config.File("testdata/reachability/global-peer-authn.yaml.tmpl"),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 20.6K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls_test.go
result: expectedResult{ tlsContext: &tls.UpstreamTlsContext{ CommonTlsContext: &tls.CommonTlsContext{ TlsParams: &tls.TlsParameters{ // if not specified, envoy use TLSv1_2 as default for client. TlsMaximumProtocolVersion: tls.TlsParameters_TLSv1_3, TlsMinimumProtocolVersion: tls.TlsParameters_TLSv1_2, }, TlsCertificateSdsSecretConfigs: []*tls.SdsSecretConfig{ {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 03:53:05 UTC 2024 - 60.9K bytes - Viewed (0) -
pilot/pkg/networking/core/gateway.go
} else { // build http connection manager with TLS context, for HTTPS servers using simple/mutual TLS // build listener with tcp proxy, with or without TLS context, for TCP servers // or TLS servers using simple/mutual/passthrough TLS // or HTTPS servers using passthrough TLS // This process typically yields multiple filter chain matches (with SNI) [if TLS is used] for _, server := range serversForPort.Servers {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 04:44:06 UTC 2024 - 46.4K bytes - Viewed (0) -
operator/cmd/mesh/testdata/manifest-generate/input/gateways.yaml
ports: ## You can add custom gateway ports - google ILB default quota is 5 ports, - port: 15011 name: grpc-pilot-mtls - port: 8060 targetPort: 8060 name: tcp-citadel-grpc-tls # Port 5353 is forwarded to kube-dns - port: 5353 name: tcp-dns overlays: - kind: Deployment
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 18:16:49 UTC 2024 - 1.5K bytes - Viewed (0)