kubernetes-ingress istio azure-aks envoyproxy servicemesh

Default Cipher Suites for Istio Ingress-Gateway for Min TLS1.2

Is there a way to check the default cipher suites being used by the Ingress gateway? My gateway has MTLS enabled with minimum TLS version as 1.2.

Solution

Yes, you can find it out by going through the Mutual TLS authentication docs:

Istio configures TLSv1_2 as the minimum TLS version for both client and server with the following cipher suites:

CDHE-ECDSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ECDSA-AES128-GCM-SHA256

ECDHE-RSA-AES128-GCM-SHA256

AES256-GCM-SHA384

AES128-GCM-SHA256

Kubernetes Ingress Configuration. Influxdb webinterface only shows white screen
Securing grafana ingress with tls in kube-prometheus-stack values.yaml and make grafana available via https
Ingress vs Load Balancer
Install two traefik ingress controller on same kubernetes Cluster
nginx ingress sub path redirection
Kubernetes Nginx Ingress file upload returning 502
Ingress configuration for k8s in different namespaces
Kubernetes 502 Bad Gateway error: connect() failed (111: Connection refused) while connecting to upstream
Helm3 template error calling include: template: no template "microservice.labels" associated with template "gotpl"
Cannot access container from NodePort using Kubernetes ingress istio
404 on a parametered route in ASP.NET Core 8 Web API with K8s Ingress
Reference TLS certificate used by AKS's Ingress from Azure Key Vault
letsencrypt cert request failing for AKS ingress
k8s aks react routing issue: not routing from svc ip but works fine from localhost ip
Kubernetes Ingress non-root path 404 Not Found
gRPC server running on EKS cluster accepts traffic when TLS is disabled, but refuses connection when using certificates created by awspca/cert-manager
Configuring K3S and Traefik Ingress to Expose TCP Port for SSH
GKE Gateway for load balancing creates wrong health check path
Ingress path redirection, helm chart
failed calling webhook "vingress.elbv2.k8s.aws"
Nginx Ingress Controller - Failed Calling Webhook
Minikube with ingress example not working
How to configure a kubernetes bare-metal ingress controller to listen to port 80?
Terraform Kubernetes NGINX Ingress - Host rules not returning 504 (Gateway Timeout)
Kubernetes - connection refuse using nginx ingress
Kubernetes Cluster on Virtualbox VM - pod cannot ping Host
Ingress helm chart error after upgrade from v1beta1 to v1
Is Kube2iam unnecessary with, and/or a part of, EKS?
Istio Ingress does not work - only port forwarding works
Exposing Service from a BareMetal(Kubeadm) Kubernetes Cluster to outside world