1

I have added a few custom cipher suites at the gateway like this:

tls:
      mode: MUTUAL
      credentialName: sds
      minProtocolVersion: TLSV1_2
      maxProtocolVersion: TLSV1_3
      cipherSuites: [ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-ECDSA-AES256-CBC-SHA384|ECDHE-ECDSA-AES128-CBC-SHA256|ECDHE-RSA-AES256-CBC-SHA384|ECDHE-RSA-AES128-CBC-SHA256]
    

Is there a way to validate if these cipher suites have actually been added? Are they ordered in the same way as we have specified?

Jim
  • Have you tried to test protocols via sockets - https://testssl.sh/, output should be like https://gist.github.com/pbohman/bb90150a6e62456b07f715e43ec6ee54 ? – Malgorzata Dec 17 '20 at 12:00

1 Answer

3

Just in case you are still wondering, the correct format is:

tls:
  mode: MUTUAL
  credentialName: sds
  minProtocolVersion: TLSV1_2
  maxProtocolVersion: TLSV1_3
  cipherSuites:
  - ECDHE-ECDSA-AES256-GCM-SHA384
  - ECDHE-ECDSA-AES128-GCM-SHA256
  - ECDHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES128-GCM-SHA256
  - ECDHE-ECDSA-AES256-CBC-SHA384
  - ECDHE-ECDSA-AES128-CBC-SHA256
  - ECDHE-RSA-AES256-CBC-SHA384
  - ECDHE-RSA-AES128-CBC-SHA256

Inamati
  • Welcome to SO. Better to add relevant description with your answer that could be helpful for readers. https://stackoverflow.com/help/how-to-answer – Muhammad Tariq Apr 27 '21 at 05:58
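
Why the two forms differ, shown as an added example that is not part of either post: in a YAML flow sequence only commas separate entries, so the question's [A|B|...] value is a list holding one long string, while the answer's block list holds eight separate names. The function names and the allowed-character rule for a suite name are assumptions made for this sketch, and the extractor handles only the two layouts seen on this page.

```python
import re

# The eight suite names both posts on this page use, in the order given there.
SUITES = [
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-CBC-SHA384", "ECDHE-ECDSA-AES128-CBC-SHA256",
    "ECDHE-RSA-AES256-CBC-SHA384", "ECDHE-RSA-AES128-CBC-SHA256",
]
# Rebuilt from the page: the question's one-line form and the answer's list form.
QUESTION_FORM = "tls:\n      cipherSuites: [" + "|".join(SUITES) + "]\n"
ANSWER_FORM = "tls:\n  cipherSuites:\n" + "".join(f"  - {s}\n" for s in SUITES)

# Assumption: one suite name contains only letters, digits, '-' and '_'.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")

def extract_cipher_suites(yaml_text):
    """Split cipherSuites as YAML does; handles only the two layouts on this page."""
    lines = yaml_text.splitlines()
    for i, line in enumerate(lines):
        key, _, rest = line.strip().partition(":")
        if key != "cipherSuites":
            continue
        rest = rest.strip()
        if rest.startswith("[") and rest.endswith("]"):
            # Flow sequence: only commas separate entries; '|' is ordinary text.
            return [e.strip() for e in rest[1:-1].split(",") if e.strip()]
        entries = []
        for nxt in lines[i + 1:]:
            if not nxt.strip().startswith("- "):
                break
            entries.append(nxt.strip()[2:].strip())
        return entries
    return []

def lint_cipher_suites(entries):
    """Return findings; an empty list means every entry is one well-formed name."""
    findings = []
    for idx, entry in enumerate(entries):
        if not NAME_RE.fullmatch(entry):
            findings.append(f"entry {idx} is not a single suite name: {entry[:45]}...")
        elif entries.index(entry) != idx:
            findings.append(f"entry {idx} duplicates an earlier one: {entry}")
    return findings

if __name__ == "__main__":
    for label, text in (("question", QUESTION_FORM), ("answer", ANSWER_FORM)):
        found = extract_cipher_suites(text)
        print(label, len(found), "entries;", lint_cipher_suites(found) or "no findings")
```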