envoyproxy/envoy

Downstream TLS at listener level

Open

#25,787 opened on Feb 26, 2023

View on GitHub
 (1 comment) (0 reactions) (0 assignees)C++ (5,373 forks)batch import
area/listenerhelp wantedquestion

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (Avg merge 8d) (378 merged PRs in 30d)

Description

Is it currently possible to apply DownstreamTLS context for any new connection opened on a specific TCP listener, instead of a filter chain? My motivation for this is so I could match a filter chain by L7 information, rather than only relying on information that is available before TLS handshake is made. Http inspector for example can only help matching a filter chain if there's no TLS in the context. Thanks

Contributor guide