Which type of OpenShift route configuration supports client certificate authentication?

Passthrough route configuration on OpenShift is the only route type that preserves the original TLS connection from the client to the backend service. This is essential for supporting client certificate authentication, as the certificate must be passed directly to the application without termination or inspection at the router level. Edge and Re-encrypt routes terminate the TLS connection at the OpenShift router or re-encrypt it with a new certificate, making them unsuitable for mutual TLS (mTLS) or client certificate scenarios.