Remove TLS 1.0 and 1.1 from the defaults on the client-side #5395

@PiotrSikora

This is the intent to remove TLS 1.0 and 1.1 from the default TLS protocols on the client-side.

This change will affect your deployment if it's using the default minimum TLS protocol version (i.e. not configuring tls_minimum_protocol_version) and it's making outgoing TLS 1.0 or 1.1 connections:

$ curl -s localhost:9901/stats | grep -E "^cluster.*.ssl.versions.TLSv(1|1.1):"
cluster.<service>.ssl.versions.TLSv1: 1
cluster.<service>.ssl.versions.TLSv1.1: 1

(This works only with Envoy v1.9.0 and newer)

ETA: 1.10 (i.e. ~now)
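
To turn the stats check above into a per-cluster audit, the following added example (not part of the original issue and not Envoy tooling) reads `/stats` text and lists each cluster with a non-zero TLSv1 or TLSv1.1 counter. The function names `legacy_tls_clusters` and `sample_stats` are hypothetical, and the sample counters are constructed.

```shell
#!/bin/sh
# Usage against a live admin endpoint (address taken from the issue text):
#   curl -s localhost:9901/stats | legacy_tls_clusters

# Read Envoy /stats text on stdin; print "<cluster> TLSv1=<n> TLSv1.1=<n>"
# for every cluster that negotiated TLS 1.0 or 1.1 on outgoing connections.
legacy_tls_clusters() {
  awk '
    # Match only the two legacy counters; TLSv1.2 and newer are ignored.
    /^cluster\..*\.ssl\.versions\.TLSv1(\.1)?: [0-9]+$/ {
      count = $NF
      if (count == 0) next                  # counter present but never hit
      key = $0
      sub(/: [0-9]+$/, "", key)             # drop ": <value>"
      ver = key
      sub(/^.*\.ssl\.versions\./, "", ver)  # "TLSv1" or "TLSv1.1"
      name = key
      sub(/^cluster\./, "", name)           # cluster names may contain dots,
      sub(/\.ssl\.versions\.TLSv1(\.1)?$/, "", name)  # so strip both ends
      seen[name] = 1
      n[name, ver] += count
    }
    END {
      for (c in seen)
        printf "%s TLSv1=%d TLSv1.1=%d\n", c, n[c, "TLSv1"], n[c, "TLSv1.1"]
    }
  ' | sort
}

# Constructed sample of /stats output (not captured from a real deployment).
sample_stats() {
  cat <<'EOF'
cluster.backend.ssl.versions.TLSv1: 3
cluster.backend.ssl.versions.TLSv1.1: 1
cluster.backend.ssl.versions.TLSv1.2: 120
cluster.payments.eu-west.ssl.versions.TLSv1.1: 7
cluster.modern.ssl.versions.TLSv1.2: 55
cluster.backend.ssl.handshake: 124
cluster.idle.ssl.versions.TLSv1: 0
EOF
}

sample_stats | legacy_tls_clusters
```

Clusters listed here either need their upstreams upgraded or need tls_minimum_protocol_version set explicitly before the default changes.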
