Envoyproxy fails if tlsMaxProtocolVersion is set to TLSv1_2 (original) (raw)

This repository was archived by the owner on Jul 11, 2023. It is now read-only.

This repository was archived by the owner on Jul 11, 2023. It is now read-only.

Description

Bug description:

Envoyproxy fails if tlsMaxProtocolVersion is set to TLSv1_2.

Affected area (please mark with X where applicable):

• Install [ ]
• SMI Traffic Access Policy [ ]
• SMI Traffic Specs Policy [ ]
• SMI Traffic Split Policy [ ]
• Permissive Traffic Policy [ ]
• Ingress [ ]
• Egress [ ]
• Envoy Control Plane [ X]
• CLI Tool [ ]
• Metrics [ ]
• Certificate Management [ ]
• Sidecar Injection [ ]
• Logging [ ]
• Debugging [ ]
• Tests [ ]
• Demo [X ]
• CI System [ ]

Expected behavior:

It should work normally

Steps to reproduce the bug (as precisely as possible):

Install test application (bookstore).
kubectl patch meshconfig osm-mesh-config -n kube-system -p '{"spec":{"sidecar":{"tlsMaxProtocolVersion":"TLSv1_2"}}}' --ty
pe=merge

The pods start failing with 503 trying to connect to each other.

How was OSM installed?:

AKS add-on

Anything else we need to know?:

Bug report archive:

Environment:

• OSM version (use osm version): v1.2.3
• Kubernetes version (use kubectl version): 1.24.7
• Size of cluster (number of worker nodes in the cluster): 3 user + 3 system
• Others: Fresh aks install.