geps/gep-91/index.md
7 additions & 2 deletions
@@ -32,8 +32,13 @@ This proposal adds the ability to validate the TLS certificate presented by the
32
32
These two validation mechanisms operate independently and can be used simultaneously.
33
33
* Introduce a `caCertificateRefs` field within `FrontendTLSValidation` that can be used to specify a list of CA Certificates that can be used as a trust anchor to validate the certificates presented by the client.
34
34
* Add a new `FrontendValidationModeType` enum within `FrontendTLSValidation` indicating how gateway should validate client certificates. As for now we support following values but it might change in the future:
35
-
1)`AllowValidOnly`
36
-
2)`AllowInsecureFallback`
35
+
1)`AllowValidOnly` (Core Support)
36
+
2)`AllowInsecureFallback` (Extended Support)
37
+
38
+
AllowInsecureFallback mode indicates the gateway will accept connections even if the client certificate is not presented or fails verification.
39
+
This approach delegates client authorization to the backend and introduce a significant security risk. It should be used in testing environments or
40
+
on a temporary basis in non-testing environments.
41
+
When `FrontendValidationModeType` is changed from `AllowValidOnly` to `AllowInsecureFallback` the `InsecureFrontendValidationMode` condition MUST be set to True with Reason `ConfigurationChanged` on gateway.
37
42
* Introduce a `ObjectReference` structure that can be used to specify `caCertificateRefs` references.
38
43
* Introduce a `tls` field within the Gateway Spec to allow for a common TLS configuration to apply across all listeners.
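Review bot: The last added line ties the `InsecureFrontendValidationMode` condition to the transition "changed from `AllowValidOnly` to `AllowInsecureFallback`", so a Gateway that is created with `AllowInsecureFallback` from the start is not covered by the MUST, and nothing says when the condition goes back to False. Since the risk comes from the mode being active rather than from the edit, consider wording it on state, for example "When `FrontendValidationModeType` is `AllowInsecureFallback`, the `InsecureFrontendValidationMode` condition MUST be set to True", and add a sentence for the switch back to `AllowValidOnly`. The Reason `ConfigurationChanged` also reads oddly for a condition that would persist for as long as the mode is set. In the paragraph above it, "should be used in testing environments or on a temporary basis" reads as a recommendation to use the mode; "should only be used" would match the stated risk, and "introduce a significant security risk" should be "introduces". It would also help to say what the backend can rely on in fallback mode, since the text says authorization is delegated to it but not whether the gateway tells the backend that the certificate was missing or failed verification.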