Mutual TLS for service communication in Kubernetes - Time & Space Complexity
When services talk securely using mutual TLS, extra steps happen to check identities.
We want to see how the time to connect grows as more services communicate.
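Analyze the time complexity of the following Kubernetes configuration snippet (an Istio DestinationRule).

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: myservice-mtls
spec:
  host: myservice.default.svc.cluster.local
  trafficPolicy:
    tls:
      # ISTIO_MUTUAL uses the certificates Istio issues to each workload.
      # Valid modes are DISABLE, SIMPLE, MUTUAL and ISTIO_MUTUAL;
      # MUTUAL_TLS is not one of them.
      mode: ISTIO_MUTUAL
```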
This snippet enables mutual TLS for a service called "myservice" to secure its communication.
Identify the loops, recursion, or array traversals that repeat.
- Primary operation: Each service connection performs a TLS handshake involving certificate exchange and verification.
- How many times: This handshake happens every time a new connection is established between services.
As the number of service connections grows, the total handshake operations increase linearly.
| Input Size (n connections) | Approx. Handshake Operations |
|---|---|
| 10 | 10 handshakes |
| 100 | 100 handshakes |
| 1000 | 1000 handshakes |
Pattern observation: Each new connection adds one handshake, so the total work grows directly with the number of connections.
Time Complexity: O(n)
This means the time to complete all handshakes grows in direct proportion to how many connections happen.
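The following is an added example, not part of the original page: a simplified model that counts handshakes for the table's input sizes. It goes beyond the text by also counting the case where requests between the same pair of services share one kept-alive connection. The `Request` tuple, the client names, the traffic pattern and the idle timeout are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample record: one request from src to dst at second t.
Request = namedtuple("Request", "t src dst")


def handshakes_new_connection_each_time(requests):
    """Every request opens its own connection, so each one pays a handshake."""
    return len(requests)


def handshakes_with_keepalive(requests, idle_timeout):
    """Requests between the same (src, dst) pair share one connection.

    A new connection, and therefore a new mutual TLS handshake, is only
    needed when the pair has no connection yet or the existing one has been
    idle for longer than idle_timeout seconds (assumed pooling behaviour).
    """
    last_used = {}
    handshakes = 0
    for r in sorted(requests, key=lambda r: r.t):
        pair = (r.src, r.dst)
        if pair not in last_used or r.t - last_used[pair] > idle_timeout:
            handshakes += 1
        last_used[pair] = r.t
    return handshakes


def constructed_traffic(n, clients=5, gap=1):
    """n requests to myservice, round-robin over `clients`, one every `gap` s."""
    return [Request(i * gap, f"client-{i % clients}", "myservice")
            for i in range(n)]


if __name__ == "__main__":
    print("requests  per-connection  keep-alive(60s)  keep-alive(3s)")
    for n in (10, 100, 1000):
        reqs = constructed_traffic(n)
        print(n,
              handshakes_new_connection_each_time(reqs),
              handshakes_with_keepalive(reqs, idle_timeout=60),
              handshakes_with_keepalive(reqs, idle_timeout=3))
```

In this model the first column grows as O(n), while the kept-alive count is bounded by the number of service pairs as long as the idle timeout exceeds the gap between a pair's requests.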
[X] Wrong: "Mutual TLS handshakes happen only once for all connections, so time stays the same no matter how many connections."
[OK] Correct: Each new connection requires its own handshake, so time grows with the number of connections rather than staying fixed.
Understanding how mutual TLS scales helps you design secure systems that stay fast as they grow.
"What if connections reuse TLS sessions instead of new handshakes? How would the time complexity change?"