I've set up an Envoy config which connects to Trino on localhost port 11610. It adds TLS configs and redirects to a host. When I call the API, I see the Envoy logs resolve the host to the correct IP address, but I get this error:
[source/extensions/transport_sockets/tls/ssl_socket.cc:191] [C29] handshake expecting read
[2023-05-17 04:14:24.357][911][debug][connection] [source/extensions/transport_sockets/tls/ssl_socket.cc:198] [C29] handshake error: 1
[2023-05-17 04:14:24.357][911][debug][connection] [source/extensions/transport_sockets/tls/ssl_socket.cc:226] [C29] TLS error: 268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
[2023-05-17 04:14:24.357][911][debug][connection] [source/common/network/connection_impl.cc:208] [C29] closing socket: 0
However, when I call the endpoint directly using curl (and provide all the TLS certs) it works as expected.
I'm using Envoy version 1.15, and it's supposed to support TLSv1.2 and 1.3. The server I'm trying to connect to also supports those TLS versions. Here is my Envoy config for TLS:
tls_context:
  common_tls_context:
    validation_context:
      trusted_ca:
        filename: /etc/cacerts.pem
    tls_certificates:
    - certificate_chain:
        filename: "/etc/client.pem"
      private_key:
        filename: "/etc/client-key.pem"
hosts:
- socket_address:
    address: trino-gateway.path.com
    port_value: 443
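
The `WRONG_VERSION_NUMBER` line in the log above is what BoringSSL (the TLS library Envoy is built on) reports when the bytes it reads where a TLS record header is expected do not carry 3 as the major version byte, for example when the peer replies in plaintext HTTP. The sketch below is an added example, not part of the original post or of Envoy: it classifies the first bytes a peer sent, as captured with a packet trace. The function name `classify_first_bytes` and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Record-layer version values seen on the wire
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLS 1.2 ciphertext record


def classify_first_bytes(data: bytes) -> dict:
    """Describe what a peer sent where a TLS record header was expected."""
    if len(data) < 5:
        return {"kind": "short", "detail": f"{len(data)} bytes, header needs 5"}
    # Header layout: 1-byte content type, 2-byte version, 2-byte length.
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if version >> 8 != 3:
        # Major version byte is not 3: the WRONG_VERSION_NUMBER case.
        kind = "plaintext_http" if data.startswith(b"HTTP/") else "not_tls"
        preview = data[:16].decode("ascii", "replace")
        return {"kind": kind,
                "detail": f"version field 0x{version:04x}, starts {preview!r}"}
    if ctype not in CONTENT_TYPES or length > MAX_RECORD_LEN:
        return {"kind": "malformed_record",
                "detail": f"type={ctype} length={length}"}
    info = {"kind": "tls_record", "content_type": CONTENT_TYPES[ctype],
            "version": VERSIONS.get(version, f"0x{version:04x}"),
            "length": length}
    if ctype == 21 and len(data) >= 7:
        # Unencrypted alert body: level (1 warning, 2 fatal), description code.
        info["alert"] = {"level": data[5], "description": data[6]}
    return info


# Constructed sample inputs (not taken from the post).
SAMPLES = {
    "http_reply": b"HTTP/1.1 400 Bad Request\r\n\r\n",
    "server_hello": bytes.fromhex("160303004a") + b"\x02" + b"\x00" * 10,
    "fatal_alert": bytes.fromhex("15030300020246"),  # 0x46 = protocol_version
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_first_bytes(raw))
```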