@incfly I have installed istio 1.6 and with the below gateway settings and it seems that doesn’t work properly, because a run testssl and got this response
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 h2, http/1.1, grpc-exp (offered)
gateway.yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
labels:
operator.istio.io/component: IngressGateway
operator.istio.io/managed: Reconcile
operator.istio.io/version: 1.5.1
release: istio
name: default-gateway
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- REDACTED
port:
name: http
number: 80
protocol: http
tls:
httpsRedirect: true
- hosts:
- REDACTED
port:
name: https
number: 443
protocol: HTTPS
tls:
mode: SIMPLE
minProtocolVersion: TLSV1_2
maxProtocolVersion: TLSV1_3
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key