Related Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways
Compatible Protocols
grpc grpcs http https

3.7.0.0

Release date 2024/05/28

Feature

  • Add default_consumer option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.

3.6.1.4

Release date 2024/05/14

Feature

  • Add default_consumer option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.

3.6.0.0

Release date 2024/02/12

Bugfix

  • Mtls-auth print notice log if revocation check fails with revocation_check_mode = IGNORE_CA_ERROR

3.5.0.4

Release date 2024/05/20

Feature

  • Add default_consumer option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.

3.5.0.0

Release date 2023/11/08

Bugfix

  • mtls-auth should not cache the network failure when doing revocation check

3.4.3.14

Release date 2024/12/17

Bugfix

  • Fixed an issue where a 500 error occurs when the configuration changes with the mTLS plugin enabled.

3.4.3.5

Release date 2024/03/21

Feature

  • Add default_consumer option that allows a default consumer to be used when the client certificate is valid but does not match any existing consumers.

3.4.1.0

Release date 2023/09/28

Bugfix

  • mtls-auth should not cache the network failure when doing revocation check

3.4.0.0

Release date 2023/08/09

Bugfix

  • Fixed several revocation verification issues:

    • If revocation_check_mode=IGNORE_CA_ERROR, then the CRL revocation failure will be ignored.
    • Once a CRL is added into the store, it will always do CRL revocation check with this CRL file.
    • OCSP verification failed with no issuer certificate in chain error if the client only sent a leaf certificate.
    • http_timeout wasn’t correctly set.
  • If revocation_check_mode=IGNORE_CA_ERROR, then the CRL revocation failure will be ignored.

  • Once a CRL is added into the store, it will always do CRL revocation check with this CRL file.

  • OCSP verification failed with no issuer certificate in chain error if the client only sent a leaf certificate.

  • http_timeout wasn’t correctly set.

  • Optimized CRL revocation verification.

  • Fixed an issue that would cause an unexpected error when skip_consumer_lookup is enabled and authenticated_group_by is set to null.

3.2.2.5

Release date 2023/10/12

Bugfix

  • Fixed an issue that caused the plugin to cache network failures when running certificate revocation checks.

3.1.1.2

Release date 2023/01/24

Bugfix

  • Fixed an issue where the plugin used the old route caches after routes were updated.

3.1.0.0

Release date 2022/12/06

Feature

  • The anonymous field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.

  • Added the config.send_ca_dn configuration parameter to support sending CA DNs in the CertificateRequest message during SSL handshakes.

  • Added the allow_partial_chain configuration parameter to allow certificate verification with only an intermediate certificate.

3.0.0.0

Release date 2022/09/09

Feature

  • Introduced certificate revocation list (CRL) and OCSP server support with the following parameters: http_proxy_host, http_proxy_port, https_proxy_host, and https_proxy_port.

Breaking Change

  • Updated the priority for some plugins.: mtls-auth changed from 1006 to 1600

2.8.4.5

Release date 2023/11/28

Bugfix

  • mtls-auth should not cache the network failure when doing revocation check

2.8.4.0

Release date 2023/03/28

Bugfix

  • Fixed an issue where the plugin used the old route caches after routes were updated.

2.8.2.1

Release date 2022/11/21

Bugfix

  • Fixed an issue where the plugin was causing requests to silently fail on Kong Gateway data planes.

2.8.1.1

Release date 2022/05/27

Feature

  • Introduced certificate revocation list (CRL) and OCSP server support with the following parameters: http_proxy_host, http_proxy_port, https_proxy_host, and https_proxy_port.

2.8.0.0

Release date 2022/03/02

Bugfix

  • Fixed attempt to index local 'workspace' error, which occurred when accessing Routes or Services using TLS.

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!