Using the following configuration
apiVersion: networking.istio.io/v1alpha3 kind: ServiceEntry metadata: name: google-se spec: hosts: - www.google.com ports: - number: 443 name: https protocol: HTTPS --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: google-vs spec: hosts: - www.google.com tls: - match: - port: 443 sniHosts: - www.google.com route: - destination: host: www.google.com port: number: 443
when i do a curl from the container that I want to access the url I get
bash-4.2# curl -vvv https://www.google.com * About to connect() to www.google.com port 443 (#0) * Trying 184.108.40.206... * Connected to www.google.com (220.127.116.11) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG) * SSL received a record that exceeded the maximum permissible length. * Closing connection 0 curl: (35) SSL received a record that exceeded the maximum permissible length.
This is using Kubernetes 1.11 and Istio 1.1-Snapshot-6. Could someone point me how to fix this error? Been trying many configurations but no luck so far. Thanks!