Agent encryption

As described in the core concepts the communication between Kokomo and the Kokomo CLI agent is always encrypted by default.

Agent encryption

Kokomo by default estabilishes a TLS protected communication between the CLI agent running on your computer (or server) and the Kokomo tunnel that is being provisioned. This encryption is always enabled for all HTTP and TCP traffic, regardless if the mutual TLS capability is enabled or not, since the customizable mTLS security only applies between the client and the Kokomo tunnel.

The TLS encryption between the Kokomo tunnel and the agent is always encrypted even if the service that you are exposing is not encrypted. If instead your service is already encrypted, the Kokomo encryption between the tunnel and the agent is still encrypted above the service encryption in such a way that they don't conflict with each other.