TLS

    • Client certificates: Upstream/client connections can present a client certificate in addition to verifying the server certificate.
    • Certificate verification and pinning: Certificate verification options include basic chain verification, subject name verification, and hash pinning.
    • SNI: SNI is currently supported for client connections. Listener support is likely to be added in the future.
    • Session resumption: Server connections support resuming previous sessions via TLS session tickets (see RFC 5077). Resumption can be performed across hot restarts and between parallel Envoy instances (typically useful in a front proxy configuration).
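
The hash pinning option mentioned above can be illustrated with a pin check written outside the proxy. This is an added example, not Envoy's own code. It assumes the pin is the SHA-256 digest of the DER-encoded certificate, written as hex with or without colons; all function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in for a DER certificate: a pin hashes the raw bytes,
# so this demo needs no X.509 parsing.
SAMPLE_DER = b"constructed-der-bytes-for-pinning-demo"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def make_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used to build the sample input)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


def pem_to_der(pem: str) -> bytes:
    """Extract the first certificate block and decode it to DER."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def cert_pin(der: bytes) -> str:
    """Lowercase hex SHA-256 over the whole DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' and reject anything not 64 hex chars."""
    cleaned = pin.strip().replace(":", "").lower()
    if re.fullmatch(r"[0-9a-f]{64}", cleaned) is None:
        raise ValueError("pin must be a 64-hex-character SHA-256 digest")
    return cleaned


def matches_pin(der: bytes, pins: list[str]) -> bool:
    """True if the certificate hash equals any configured pin.

    Several pins (current plus replacement certificate) let a rotation
    happen without an outage. An empty pin list fails closed.
    """
    actual = cert_pin(der)
    results = [hmac.compare_digest(actual, normalize_pin(p)) for p in pins]
    return any(results)
```

A pin covers the exact certificate bytes, so it must be updated whenever the certificate is reissued, even if the key and subject stay the same.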

    Authentication filter