Skip to content

Docs: Gateway API Extensions #9395

Description

@kilitr

Hello,

concerning
https://gateway.envoyproxy.io/docs/api/extension_types/#backendtlsconfig

maxVersion claims to be 1.3 - however i verified with a client, that that is not the case. whilst using the default values and trying to connect to a backend that enforces 1.3, the tls connection failed:

{"response_code":503,"response_flags":"UF","start_time":"2026-07-01T09:43:03.085Z","upstream_cluster":"httproute/-/-/rule/0","upstream_host":"192.168.57.99:8443","upstream_local_address":null,"upstream_tls_cipher":null,"upstream_tls_session_id":null,"upstream_tls_version":null,"upstream_transport_failure_reason":"TLS_error:|268436526:SSL_routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:TLS_error_end"}

When i explicitly set

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
spec:
  backendTLS:
    maxVersion: "1.3"
    minVersion: "1.2"

The connection works and uses TLSv1.3

Kind Regards

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions