Minimum TLS version?

framled · July 23, 2020, 3:18pm

@incfly I have installed istio 1.6 and with the below gateway settings and it seems that doesn’t work properly, because a run testssl and got this response

Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1, grpc-exp (offered)

gateway.yaml

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  labels:
    operator.istio.io/component: IngressGateway
    operator.istio.io/managed: Reconcile
    operator.istio.io/version: 1.5.1
    release: istio
  name: default-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - REDACTED
      port:
        name: http
        number: 80
        protocol: http
      tls:
        httpsRedirect: true
    - hosts:
        - REDACTED
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        mode: SIMPLE
        minProtocolVersion: TLSV1_2
        maxProtocolVersion: TLSV1_3
        serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
        privateKey: /etc/istio/ingressgateway-certs/tls.key

Topic		Replies	Views
minProtocolVersion via IstioOperator	1	535	January 13, 2022
How to force istio-ingressgateway to use tls 1.3 towards upstream Config	0	477	November 23, 2021
Configuring TLS Versions Security	13	7693	November 16, 2020
Server must have TLS settings for HTTPS/TLS protocols Networking	1	4594	May 4, 2020
503 errors when using TLS on gateway Networking	5	3444	June 22, 2020

Minimum TLS version?

Related Topics