I’m trying to use the gateway TLS options as specified here: `maxProtocolVersion`, but it doesn’t seem to have any effect. I’m running istio 1.4.4

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway-test
  namespace: istio-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - <something>/<something>
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH
      minProtocolVersion: TLSV1_2
      maxProtocolVersion: TLSV1_3
```

This does not seem to work. I can go into the istio-ingressgateway container, dump the envoy config (via `curl localhost:15000/config_dump`) and I’m not seeing any TLS protocol version configuration in the gateway configuration, nor in the target’s istio-proxy configuration. I am able to connect with TLSv1, TLSv1.1 or TLSv1.2. Obviously, I’d only like to connect with TLSv1.2 or higher.

I’m not seeing any obvious errors via `kubectl logs` on the containers either.

Suggestions? (Note: this question was also asked by someone else back in May 2019, and there were no responses.)
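
One way to automate the config-dump check described in the post, as an added example (not part of the original post and not Istio tooling): a Python function that walks a parsed Envoy `config_dump` and reports the TLS protocol bounds on every listener filter chain. The embedded dump, listener name and host names are constructed; a chain with no TLS context at all is one where Envoy forwards the TLS bytes without terminating them, so no version bounds are enforced at that hop.

```python
# Constructed sample in the shape of an Envoy /config_dump listener section:
# one chain that only forwards TLS by SNI, one that terminates TLS.
SAMPLE = {"configs": [{"dynamic_active_listeners": [{"listener": {
    "name": "0.0.0.0_443",
    "filter_chains": [
        {"filter_chain_match": {"server_names": ["a.example.com"]},
         "filters": [{"name": "envoy.tcp_proxy"}]},
        {"filter_chain_match": {"server_names": ["b.example.com"]},
         "tls_context": {"common_tls_context": {"tls_params": {
             "tls_minimum_protocol_version": "TLSv1_2",
             "tls_maximum_protocol_version": "TLSv1_3"}}},
         "filters": [{"name": "envoy.http_connection_manager"}]},
    ]}}]}]}

def find_key(node, key):
    """Yield every value stored under `key` anywhere in a parsed JSON value."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def tls_versions(config_dump):
    """Return (listener, sni, min, max) per filter chain; min/max are None
    when the chain has no TLS context (Envoy does not terminate TLS there)."""
    rows = []
    for lis in find_key(config_dump, "listener"):
        if not isinstance(lis, dict):
            continue
        for chain in lis.get("filter_chains", []):
            match = chain.get("filter_chain_match", {})
            sni = ",".join(match.get("server_names", [])) or "*"
            ctx = next(find_key(chain, "common_tls_context"), None)
            if ctx is None:
                rows.append((lis.get("name"), sni, None, None))
                continue
            params = ctx.get("tls_params", {})
            # TLS_AUTO is Envoy's default enum value; defaults are omitted from dumps.
            rows.append((lis.get("name"), sni,
                         params.get("tls_minimum_protocol_version", "TLS_AUTO"),
                         params.get("tls_maximum_protocol_version", "TLS_AUTO")))
    return rows

if __name__ == "__main__":
    for row in tls_versions(SAMPLE):
        print(row)
```

To run it against a real proxy, pass the result of `json.load` on a saved `config_dump` to `tls_versions` instead of `SAMPLE`.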