Redis TLS Origination through the sidecar Author: Sam Stoelinga | Twitter: samosx | GitHub: samos123 Based on blog post: https://samos-it.com/posts/securing-redis-istio-tls-origniation-termination Architecture: K8s app using Redis over TLS only app-1 Namespace ms-1 K8s Pod External DB ms-2 K8s Pod ms-3 K8s Pod TLS only ● App with multiple microservices ● external Redis TLS only ● each microservice traffic Istio TLS Origination Architecture: K8s app using Redis over TLS only (TLS origination) app-1 Namespace ms-1 K8s Pod External DB container app container istio-proxy TCP TLS ● app talks

Golang to the rescue: Saving DevOps from TLS turmoil GopherCon 2017 Lightning Talk Chris Short Manager of DevOps at Bankrate Introduction Chris Short Manager of DevOps at Bankrate (http://www.bankrate derived from an opensource.com article I wrote in April 2017: Golang to the rescue: Saving DevOps from TLS turmoil (https://opensource.com/article/17/4/testing-certi�cate-chains-34-line-go-program) But Most crypto/tls The Go crypto/tls (https://golang.org/pkg/crypto/tls/) package partially implements TLS 1.2, as speci�ed in RFC 5246 (https://tools.ietf.org/html/rfc5246) Package con�gures usable SSL/TLS versions

第三届中国Rust开发者大会 简谈 Rust 与国密 TLS Introduction on Rust and SM TLS Title 王江桐 wangjiangtong@huawei.com 华为 公共开发部 嵌入式软件能力中心 就职于华为，目前正在使用 Rust 开发密码相关模块。 Rustacean 在华为。 Title 简谈 Rust 与国密 TLS Introduction on Rust Rust and Shangmi TLS 王江桐 wangjiangtong@huawei.com 华为 公共开发部 嵌入式软件能力中心 Overview of Shangmi Cryptography #1 国密算法总览 Table of Contents 目录 Use of Rust in Implementing Cryptographic Algorithms and Protocols 境外 不得使用 国密算法与协议介绍 Introduction to Shangmi Algorithms and Protocols Section #2 • 国密套件算法简介 • 国密 TLS 简介 来源：国密算法加密芯片，支持国密全套件等安全算法，http://www.bjlcs- tech.com/article/95.html 国密套件总览 List of Shangmi Cryptography

and --etcd-keyfile arguments are set as appropriate (Automated) 1.2.30 Ensure that the --tls-cert-file and --tls-private- key-file arguments are set as appropriate (Automated) 1.2.31 Ensure that the --client-ca-file Ensure that the --client-cert-auth argument is set to true (Automated) 2.3 Ensure that the --auto-tls argument is not set to true (Automated) 2.4 Ensure that the --peer-cert-file and --peer-key-file arguments that the --peer-client-cert-auth argument is set to true (Automated) 2.6 Ensure that the --peer-auto-tls argument is not set to true (Automated) 2.7 Ensure that a unique Certificate Authority is used for

communications between nodes using TLS. An example of a TLS communication would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes network. There must be at least one TLS Root CA certificate in this folder. For more information about TLS, see Securing Communication with Transport Layer Security (TLS). • tlsintermediatecacerts: This nodes using TLS. This folder is specifically use- ful when commercial CAs are used for TLS certificates of an organization. Similar to membership intermediate CAs, specifying intermediate TLS CAs is optional

communications between nodes using TLS. An example of a TLS communication would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes network. There must be at least one TLS Root CA certificate in this folder. For more information about TLS, see Securing Communication with Transport Layer Security (TLS). tlsintermediatecacerts: This folder nodes using TLS. This folder is specifically useful when commercial CAs are used for TLS certificates of an organization. Similar to membership intermediate CAs, specifying intermediate TLS CAs is optional

communications between nodes using TLS. An example of a TLS communication would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes network. There must be at least one TLS Root CA certificate in this folder. For more information about TLS, see Securing Communication with Transport Layer Security (TLS). • tlsintermediatecacerts: This nodes using TLS. This folder is specifically use- ful when commercial CAs are used for TLS certificates of an organization. Similar to membership intermediate CAs, specifying intermediate TLS CAs is optional

communications between nodes using TLS. An example of a TLS communication would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes network. There must be at least one TLS Root CA certificate in this folder. For more information about TLS, see Securing Communication with Transport Layer Security (TLS). • tlsintermediatecacerts: This nodes using TLS. This folder is specifically use- ful when commercial CAs are used for TLS certificates of an organization. Similar to membership intermediate CAs, specifying intermediate TLS CAs is optional

communications between nodes using TLS. An example of a TLS communication would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes network. There must be at least one TLS Root CA certificate in this folder. For more information about TLS, see Securing Communication with Transport Layer Security (TLS). tlsintermediatecacerts: This folder nodes using TLS. This folder is specifically useful when commercial CAs are used for TLS certificates of an organization. Similar to membership intermediate CAs, specifying intermediate TLS CAs is optional

signing abilities. • TLS Root CA: This folder contains a list of self-signed X.509 certificates of the Root CAs trusted by this organization for TLS communications. An example of a TLS communication would would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes inside the network — the peers and the orderers, in other words, rather least one TLS Root CA X.509 certificate in this folder. • TLS Intermediate CA: This folder contains a list intermediate CA certificates CAs trusted by the organization represented by this MSP for TLS communications