mTLS for egress - how to define a minimum TLS protocol version

we are facing an issue when configuring an mTLS egress connection to an external server.
We defined our destination rule with:
mode: MUTUAL
caCertificates: /etc/cert-sps-client-mutual/cacert
clientCertificate: /etc/cert-sps-client-mutual/cert
privateKey: /etc/cert-sps-client-mutual/key

and we mounted the corresponding secret to have the certificate information available in the istio-proxy container:

annotations: /userVolumeMount : '[{"name":"sps-client-mutual", "mountPath":"/etc/cert-sps-client-mutual", "readonly":true}]' /userVolume : '[{"name":"sps-client-mutual", "secret":{"secretName":"sps-client-mutual"}}]'

The connection towards the server is attempted but the server rejects it with:

TLSv1 79 Alert (Level: Fatal, Description: Protocol Version)

So it looks it cannot accept the proposed Protocol Version for TLS. How can we set the proper TLS version for the egress ?
I know we could do in gateways for incoming transactions, but what about the outgoing ones ?

we are using Istio 1.14 at the moment
thanks in advace!