Last active
June 12, 2019 03:13
-
-
Save Niksko/4fdf3a5ba9c7899db8230d7b3d170aaf to your computer and use it in GitHub Desktop.
Istio mTLS snippets - openssl ALPN http/1.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ kubectl exec $(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name}) -c istio-proxy -- openssl s_client -alpn http | |
| /1.1 -connect httpbin:8000/headers -key /etc/certs/key.pem -cert /etc/certs/cert-chain.pem -CAfile /etc/certs/root-cert.pem | |
| 140223038092952:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: | |
| CONNECTED(00000003) | |
| --- | |
| no peer certificate available | |
| --- | |
| No client certificate CA names sent | |
| --- | |
| SSL handshake has read 0 bytes and written 320 bytes | |
| --- | |
| New, (NONE), Cipher is (NONE) | |
| Secure Renegotiation IS NOT supported | |
| Compression: NONE | |
| Expansion: NONE | |
| No ALPN negotiated | |
| SSL-Session: | |
| Protocol : TLSv1.2 | |
| Cipher : 0000 | |
| Session-ID: | |
| Session-ID-ctx: | |
| Master-Key: | |
| Key-Arg : None | |
| PSK identity: None | |
| PSK identity hint: None | |
| SRP username: None | |
| Start Time: 1560308549 | |
| Timeout : 300 (sec) | |
| Verify return code: 0 (ok) | |
| --- | |
| command terminated with exit code 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment