-
Can we use Client Certs for ETCD RBAC but without TLS Encryption? We want to use RBAC in ETCD using Client Cert Authentication, but we do not want the traffic to be encrypted for performance reasons. Is this supported in ETCD?
Replies: 1 comment 1 reply
-
Hi @NBK27 - Thanks for your question. I don't believe this is possible, no.
Client certificate authentication without encryption would pose security risks. Without TLS encryption, the data transmitted between the client and etcd would be susceptible to eavesdropping and tampering, making it vulnerable to attacks and making client cert authentication meaningless.
If performance is a significant concern, consider tuning TLS cipher suites and tuning the TLS configuration to achieve a balance between security and performance, although I am unsure what gains can be achieved in this area.
If transport layer security is turned off, you can revert to using passwords for role-based access control.
Refer to:
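Added example, not part of the reply above and not taken from the etcd project: a server configuration file that keeps client-certificate authentication on TLS while restricting the cipher suites, which is the tuning route the reply suggests. The member name, hostnames and file paths are placeholders, and the suite list assumes an RSA server key.

```yaml
# etcd server configuration, loaded with --config-file.
# Member name, hostname and all paths are placeholders for illustration.
name: etcd-1
data-dir: /var/lib/etcd

# Serve clients over https only. A client certificate is presented during
# the TLS handshake, so an http:// listener would receive no certificate
# and there would be no identity to map to an RBAC user.
listen-client-urls: https://0.0.0.0:2379
advertise-client-urls: https://etcd-1.example.internal:2379

client-transport-security:
  cert-file: /etc/etcd/pki/server.crt
  key-file: /etc/etcd/pki/server.key
  # CA that signed the client certificates.
  trusted-ca-file: /etc/etcd/pki/ca.crt
  # Require and verify a client certificate on every connection. With
  # authentication enabled, etcd takes the certificate's Common Name (CN)
  # as the etcd user name, and that user's roles decide what is permitted.
  client-cert-auth: true

# Restrict negotiation to ECDHE key exchange with AES-GCM (TLS 1.2 suite
# names). This is the knob the reply refers to; measure before and after,
# since the achievable gain depends on the workload and hardware.
cipher-suites:
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```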