Skip to content

SDS was rejected because CryptoMB fallback failed.  #54025

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
SDS was rejected because CryptoMB fallback failed. #54025
Labels
area/security
@MaYuan-02

Description

@MaYuan-02
MaYuan-02
opened on Nov 22, 2024

Is this the right place to submit this?

  • This is not a security vulnerability or a crashing bug
  • This is not a question about how to use Istio

Bug Description

I enabled cryptomb and set fallback to true. But the node doesn't support cryptomb. Envoy fallback to private_key from private_key_provider. Current sds implemention doesn't set private_key when cryptomb enabled and this will cause fallback failed.
Envoy's current document about private_key_provider is inaccurate. Related Issue.
Maybe we need to fix this.

Version

istio 1.23.3

Additional Information

No response

Metadata

Assignees

No one assigned

    Labels

    area/security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions