For outbound https/tls connections please have the tls server name set
ceastman-r7 opened this issue
Describe the bug
Outbound https/tls connections do not have the tls server name set so when Istio tries to match the outbound request to an established Istio server entry it is not able to do so.
Expected Behavior
outbound https/tls connections have the server name set appropriately.
Current Behavior
tls server name is null.
Reproduction Steps
connect to any aws endpoint and inspect the https traffic to see if the server name is set.
Possible Solution
for example another library did this to resolve the issue:
looks like they went from
```go
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}
```
to
```go
TLSClientConfig: &tls.Config{
	InsecureSkipVerify: true,
	ServerName:         request.Host,
},
```
Additional Information/Context
No response
SDK version used
latest
Environment details (Version of Go (`go version`)? OS name and version, etc.)
go version go1.22.0 darwin/amd64
Hi @ceastman-r7 ,
The SDK doesn't typically manage the lower-level TLS settings directly. Instead, it relies on the underlying Go standard library for networking and TLS/SSL default configs.
For your use case you can set your own custom transport layer on the SDK client and override the TLS config similarly to what you proposed in your proposed solution.
Since there is no plan to support this functionality out of the box, I'm going to go ahead and close this.
Thanks for reaching out.
Ran~
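An added example, not code from this issue or from the SDK: a standard-library sketch of the custom transport suggested above, with `ServerName` set and certificate verification left on, plus a check of the SNI value a server actually receives. The names `newSNIClient` and `observedSNI` are hypothetical, the TLS server is a local `httptest` server constructed for the example, and attaching the resulting `*http.Client` to an SDK client is not shown because it depends on the SDK version.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newSNIClient sets the TLS ServerName: sent as SNI and used to verify the certificate.
func newSNIClient(serverName string, roots *x509.CertPool) *http.Client {
	return &http.Client{
		Timeout: 5 * time.Second,
		Transport: &http.Transport{TLSClientConfig: &tls.Config{
			ServerName: serverName,
			RootCAs:    roots, // verification stays on (no InsecureSkipVerify)
		}},
	}
}

// observedSNI sends one request to a local TLS test server (constructed here,
// reached by IP address) and returns the SNI seen in the ClientHello.
func observedSNI(serverName string) (string, error) {
	seen := make(chan string, 1)
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		seen <- h.ServerName // record the client's SNI extension value
		return nil, nil      // keep the server's default TLS config
	}}
	srv.StartTLS()
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // test cert covers example.com and 127.0.0.1
	client := newSNIClient(serverName, roots)
	defer client.CloseIdleConnections()
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return <-seen, nil
}

func main() {
	sni, err := observedSNI("example.com")
	fmt.Printf("observed SNI=%q err=%v\n", sni, err)
}
```

With an empty `ServerName`, `net/http` falls back to the request host, and `crypto/tls` omits the SNI extension when that host is an IP literal, so `observedSNI("")` returns an empty string here. A name the certificate does not cover fails the handshake instead of being silently accepted.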
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.