I am running Istio 1.0.6 and saw that envoy has TLS Tickets enabled by default. When running with only one Ingress Gateway, session is resumed correctly (
openssl s_client -connect [ENDPOINT] -reconnect).
On the other hand, when Ingress Gateway is scaled to multiple replicas, session may sometime be resumed (if it land on the same pod I guess), but in most case it’s not, and a new TLS Tickets is issued.
Is there any configuration that can be done to change this behaviour, or is it simply not implemented in Istio (if so, is it a planned feature ?).