gnutls_handshake() failed: Handshake failed in mTLS, works with SIMPLE #31536
Labels
area/security
lifecycle/automatically-closed
lifecycle/stale
Bug description
When switching to MUTUAL, secured gateway no longer works
**Expected Error**
as per document
This works in SIMPLE mode
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[x] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
[ ] Upgrade
Expected behavior
I have a secure gateway that looks like this:
and the secret:
Steps to reproduce the bug
Version
How was Istio installed?
IstioOperator
Environment where the bug was observed (cloud vendor, OS, etc)
AWS EKS
Edit:
The mTLS works when I make the request within the EKS cluster by providing the keys, but only 70% of the time. 2 out of 3 requests would return the result, but 1 out of 3 would still fail with the same error:
But still the error without the key is not as per documentation.
Also it seems like it causes the aws-alb-controller ingress to return 502