istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clarify egress TLS rules apply to gateway (#9389)

This commit is contained in:
John Howard 2021-03-25 07:41:52 -07:00 committed by GitHub
parent dd2e10ff00
commit 3be5f27e31
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/en/docs/ops/best-practices/security/index.md
View File

@ -63,7 +63,7 @@ This ensures that even if a client accidentally or maliciously bypasses their si
## Configure TLS verification in Destination Rule when using TLS origination
Istio offers the ability to [originate TLS](/docs/tasks/traffic-management/egress/egress-tls-origination/) from the sidecar proxy.
Istio offers the ability to [originate TLS](/docs/tasks/traffic-management/egress/egress-tls-origination/) from a sidecar proxy or gateway.
This enables applications that send plaintext HTTP traffic to be transparently "upgraded" to HTTPS.
Care must be taken when configuring the `DestinationRule`'s `tls` setting to specify the `caCertificates` field.