
Is there a way to check the default cipher suites being used by the Ingress gateway? My gateway has MTLS enabled with minimum TLS version as 1.2.

Jim

1 Answer


Yes, you can find it out by going through the Mutual TLS authentication docs:

Istio configures TLSv1_2 as the minimum TLS version for both client and server with the following cipher suites:

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-GCM-SHA256

Wytrzymały Wiktor
  • I have a scenario to update the cipher suites to a different set and I am wondering how to validate the updated set? – Jim Dec 17 '20 at 07:33
  • That would be a different story. Please ask a separate question where you can describe that scenario in more detail. That would be more clear for the rest of the community (no multiple topics in one stack question). – Wytrzymały Wiktor Dec 17 '20 at 09:03
  • Yes I realized later and asked a separate question: https://stackoverflow.com/questions/65337486/adding-custom-cipher-suite-to-istio-gateway – Jim Dec 17 '20 at 09:07
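To check what a gateway is actually configured with rather than relying on the documented defaults, the listener configuration can be exported as JSON (for example with `istioctl proxy-config listeners <pod> -o json`) and compared against the list in the answer. The script below is an added example, not code from the answer or from Istio; it assumes the dump carries Envoy's `tls_params` object with `cipher_suites` and `tls_minimum_protocol_version` in either snake_case or camelCase, and the sample listener is constructed.

```python
import json
# Defaults as listed in the answer above (quoted from Istio's mutual TLS docs).
ISTIO_DEFAULTS = [
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "AES256-GCM-SHA384", "AES128-GCM-SHA256",
]

def _norm(key):
    # Dumps may use snake_case or camelCase keys; compare them uniformly.
    return key.replace("_", "").lower()

def find_tls_params(node):
    """Recursively collect every tls_params / tlsParams object in a dump."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if _norm(key) == "tlsparams" and isinstance(value, dict):
                found.append(value)
            else:
                found.extend(find_tls_params(value))
    elif isinstance(node, list):
        for item in node:
            found.extend(find_tls_params(item))
    return found

def audit(dump):
    """Compare each TLS context's explicit suites with the documented defaults."""
    reports = []
    for params in find_tls_params(dump):
        p = {_norm(k): v for k, v in params.items()}
        suites = p.get("ciphersuites", [])
        reports.append({
            "min_version": p.get("tlsminimumprotocolversion", "unset"),
            "explicit_suites": suites,  # empty: Envoy's built-in defaults apply
            "not_in_defaults": [s for s in suites if s not in ISTIO_DEFAULTS],
            "defaults_missing": [s for s in ISTIO_DEFAULTS if s not in suites],
        })
    return reports

# Constructed sample listener, not captured from a real gateway.
SAMPLE = json.loads("""
{"name": "0.0.0.0_8443", "filterChains": [{"transportSocket": {"typedConfig": {
  "requireClientCertificate": true, "commonTlsContext": {"tlsParams": {
    "tlsMinimumProtocolVersion": "TLSv1_2",
    "cipherSuites": ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-CHACHA20-POLY1305"]}}}}}]}
""")

if __name__ == "__main__":
    for report in audit(SAMPLE):
        print(json.dumps(report, indent=2))
```

A listener with no `tls_params` entry yields an empty report, which means no suites were set explicitly on it.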