Johan Brandhorst-Satzkorn

Results 600 comments of Johan Brandhorst-Satzkorn

Testing with gRPC-Go 1.19.1 I can't get this to work even with

```
grpcL := mux.MatchWithWriters(cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc"))
```

Has anything changed in 1.19 to make this even harder? I tried...

I haven't tried 1.18 yet, but yes it is a simple grpc-go client. I'll try 1.18 and below.

Hm, everything is working as expected when serving gRPC without TLS. I guess this is a false alarm. What's the best way to use `cmux` and still encrypt the connection?

For future reference; I got the following working:

1. Use `tls.Listen` to create the listener.
2. Use `(*grpc.Server).Serve` without `grpc.Creds`.
3. Use `grpc.WithTransportCredentials` as usual in the client.

There should be no reason you can't do TLS termination before any packets reach the service.

This is probably not the place, no. Maybe raise an issue against Envoy?

There's a question to be asked about why you're using cmux behind a proxy like envoy anyway. Envoy can do the traffic splitting for you, so why not just remove...

I think we can move this discussion to the #grpc channel on Gophers slack. We've taken up this issue for long enough.

That is correct, TLS is terminated by cmux, but it's still in-memory, so it's about the same level of security.

Thanks for the issue report! Certify was designed with a common name being required for issuing client side certificates. I agree that in general x509 use common names are optional,...