OSSM-12247 (OpenShift Service Mesh)

Investigate istiod (pilot-discovery) crypto/TLS configuration on RHEL 10

      Background

      OSSM-12226 validated Envoy (C++/OpenSSL) crypto behavior on RHEL 10. Now we need to validate istiod (Go, crypto/tls), since Go interacts with the system crypto policy differently.

      Investigation Questions

      Question
      Q1 Does istiod bypass system crypto policy, or respect it?
      Q2 How does FIPS mode affect istiod behavior?
      Q3 Is there a crypto/TLS config override in istiod?
      Q4 What's the interaction with RHEL 10 DEFAULT policy?

      Success Criteria

      • All 4 questions answered with evidence
      • RHEL 9 vs RHEL 10 comparison table
      • Clear PASS/FAIL verdict

      Test Environment

      Aspect      RHEL 9    RHEL 10
      OpenShift   4.20.8    4.21.0-rc.2
      FIPS        Enabled   Enabled
      OSSM        3.2.1     3.2.1

      Related

      • OSSM-12226 - Envoy crypto investigation (completed)

              rhn-support-rzago Rafael Zago