https://vo.rs/tags/mtls/Mtls - Tag - vo.rsHugo -- gohugo.ioenThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.Thu, 11 Dec 2025 16:00:00 +0000https://vo.rs/story/mtls-mutual-tls-between-services-without-a-service-mesh/<p>Ordinary TLS proves the server&rsquo;s identity to the client. The browser checks the certificate, sees a name it trusts, and gets on with the conversation. The server, meanwhile, has no idea who the client is — it&rsquo;ll talk to anyone. For service-to-service traffic inside your own infrastructure that&rsquo;s backwards. You frequently care far more about <em>which client</em> is calling than the client cares about the server. Mutual TLS fixes that: both ends present certificates, both ends verify, and an unauthenticated caller never gets past the handshake.</p>Thu, 11 Dec 2025 16:00:00 +0000