Created
June 12, 2019 03:14
-
-
Save Niksko/51a8fe272e603cf3d378c71e05766ea8 to your computer and use it in GitHub Desktop.
Istio mTLS snippets - ALPN istio
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ kubectl exec $(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name}) -c istio-proxy -- openssl s_client -alpn ist | |
| io -connect httpbin:8000/headers -key /etc/certs/key.pem -cert /etc/certs/cert-chain.pem -CAfile /etc/certs/root-cert.pem | |
| depth=1 O = cluster.local | |
| verify return:1 | |
| depth=0 | |
| verify return:1 | |
| DONE | |
| CONNECTED(00000003) | |
| --- | |
| Certificate chain | |
| 0 s: | |
| i:/O=cluster.local | |
| --- | |
| Server certificate | |
| <SNIP> | |
| --- | |
| SSL handshake has read 3126 bytes and written 2277 bytes | |
| --- | |
| New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 | |
| Server public key is 2048 bit | |
| Secure Renegotiation IS supported | |
| Compression: NONE | |
| Expansion: NONE | |
| No ALPN negotiated | |
| SSL-Session: | |
| Protocol : TLSv1.2 | |
| Cipher : ECDHE-RSA-AES128-GCM-SHA256 | |
| <SNIP> | |
| Start Time: 1560309161 | |
| Timeout : 300 (sec) | |
| Verify return code: 0 (ok) | |
| --- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment