GitHub user Pournima513 created a discussion: Configuring mTLS and strict 
authentication for the Triple protocol in a Zero-Trust architecture

### Pre-check

- [X] I am sure that all the content I provide is in English.


### Apache Dubbo Component

Java SDK (apache/dubbo)

### Details

Hi Dubbo Community,

I am currently migrating a microservices architecture to Dubbo 3 and would love 
some advice on securing the RPC communications to align with zero-trust 
principles.

Context & Goal:

What I am trying to achieve: I want to ensure that all internal 
service-to-service communication is encrypted and strictly authenticated. 
Specifically, I want to implement mTLS (Mutual TLS) between my consumers and 
providers using the Triple protocol.

Current Setup: I have basic service discovery running via Nacos, and the Triple 
protocol is successfully handling plaintext traffic.

Environment Details:

Dubbo Version: 3.3.6

JDK Version: JDK 17

Registry / Integration: Nacos, Spring Boot 3

My Question:
What is the recommended way to enforce mTLS on the Triple protocol in Dubbo 
3.3.x? Does Dubbo provide a built-in certificate management extension for this, 
or is it better to offload the TLS termination to a service mesh proxy (like 
Envoy) running alongside the Dubbo instances?

If configuring it directly in Dubbo via YAML, would the configuration look 
something like this, or am I missing required security plugins?

```yaml
dubbo:
  protocol:
    name: tri
    port: 50051
    ssl-enabled: true
  ssl:
    server-key-cert-chain-path: /certs/server.pem
    server-private-key-path: /certs/server.key
    mutual-tls: true
```

Thanks in advance for your insights!

### Code of Conduct

- [X] I agree to follow this project's [Code of 
Conduct](https://www.apache.org/foundation/policies/conduct)


GitHub link: https://github.com/apache/dubbo/discussions/16311
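
The following is an added example, not part of the original post and not taken from the Dubbo project's documentation. It sets out the provider and consumer sides of a mutual-TLS setup for the configuration asked about above. It assumes the property names of Dubbo's `SslConfig` class, and that client-certificate checking is turned on by giving the provider a trust collection rather than by a separate flag. The `/certs/ca.pem`, `/certs/client.pem` and `/certs/client.key` paths are placeholders, and the behaviour should be confirmed against the 3.3.6 sources.

```yaml
# Added example; every path below is a placeholder.

# Provider side (application.yml)
dubbo:
  protocol:
    name: tri
    port: 50051
    ssl-enabled: true
  ssl:
    # Identity the provider presents to consumers.
    server-key-cert-chain-path: /certs/server.pem
    server-private-key-path: /certs/server.key
    # CA bundle used to verify consumer certificates.
    # Assumption: without this entry the provider only offers one-way TLS
    # and accepts consumers that present no certificate.
    server-trust-cert-collection-path: /certs/ca.pem
---
# Consumer side (application.yml)
dubbo:
  ssl:
    # Identity the consumer presents to the provider.
    client-key-cert-chain-path: /certs/client.pem
    client-private-key-path: /certs/client.key
    # CA bundle used to verify the provider certificate.
    client-trust-cert-collection-path: /certs/ca.pem
```

To confirm that the provider enforces client authentication, connect to its port with a TLS client that presents no certificate and check that the handshake is rejected.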
