update tls docs with minimum supported version and cipher suites (#8420)

* tls docs

* address review comments

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix lint

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix lint again

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix lint again

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Rama Chavali 2020-11-06 20:54:47 +05:30 committed by GitHub
parent 661613ae8c
commit eb8c658759
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions


@ -190,6 +190,21 @@ follows:
1. After authorization, the server side Envoy forwards the traffic to the
server service through local TCP connections.
Istio configures `TLSv1_2` as the minimum TLS version for both client and server with
the following cipher suites:
- `CDHE-ECDSA-AES256-GCM-SHA384`
- `ECDHE-RSA-AES256-GCM-SHA384`
- `ECDHE-ECDSA-AES128-GCM-SHA256`
- `ECDHE-RSA-AES128-GCM-SHA256`
- `AES256-GCM-SHA384`
- `AES128-GCM-SHA256`
#### Permissive mode
Istio mutual TLS has a permissive mode, which allows a service to accept both
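Review bot: The first entry in the added cipher suite list, `CDHE-ECDSA-AES256-GCM-SHA384`, looks like a typo: the three entries after it all use the `ECDHE-` prefix, so this one should read `ECDHE-ECDSA-AES256-GCM-SHA384`. A reader who copies the name as written into a cipher configuration will not get the suite the docs intend. Separately, the last two entries (`AES256-GCM-SHA384`, `AES128-GCM-SHA256`) have no `ECDHE-` prefix, which in OpenSSL-style naming means static RSA key exchange with no forward secrecy; a sentence noting that, and saying whether the list is in preference order, would help operators who audit the mesh against a TLS policy.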