I have an external service that I have set up with a ServiceEntry. I would like to shift TLS origination to envoy to get better metrics on the outbound connection.
When I do this, connections always fail with a 503 error. I did a bunch of digging and the issue I am encountering is very similar to the one mentioned at the end of this thread:
The workaround mentioned does not apply, as I already have client certificates set to ignore on IIS. Is there a way to tell Istio to not attempt HTTP2?
“In a few cases, HTTP/2 can’t be used in combination with other features. In these situations, Windows will fall back to HTTP/1.1 and continue the transaction. This may involve negotiating HTTP/1.1 during the handshake, or sending an error code to the client instructing it to retry over an HTTP/1.1 connection.”