istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update security faq (#1508) (#1543)

This commit is contained in:
Tao Li 2018-06-18 13:04:29 -07:00 committed by Martin Taillefer
parent 8e0667172d
commit c3f9f6d06d
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/help/faq/security/istio-to-not-istio.md
View File

@ -1,5 +1,7 @@
---
title: Can a service with Istio Auth enabled communicate with a service without Istio?
title: Can Istio mutual TLS enabled services communicate with services without Istio?
weight: 20
---
This is not supported currently, but will be in the near future.
Starting with Istio 0.8, a service with Istio mutual TLS enabled can talk to a service without Istio. Mutual TLS is enabled via [authentication policy](/docs/concepts/security/authn-policy/) and this only specifies the service behavior as a server, not client, which means a mutual TLS enabled service will still send http traffic (not mutual TLS) to others unless you explicitly specify it with [destination rule](/docs/reference/config/istio.networking.v1alpha3/#DestinationRule).
However, unless a service without Istio can present a valid certificate, which is less likely to happen, a service without Istio cannot talk to a service with Istio mutual TLS enabled and this is the expected behavior of 'mutual TLS'.