Hello,
concerning
https://gateway.envoyproxy.io/docs/api/extension_types/#backendtlsconfig
maxVersion claims to be 1.3 - however i verified with a client, that that is not the case. whilst using the default values and trying to connect to a backend that enforces 1.3, the tls connection failed:
{"response_code":503,"response_flags":"UF","start_time":"2026-07-01T09:43:03.085Z","upstream_cluster":"httproute/-/-/rule/0","upstream_host":"192.168.57.99:8443","upstream_local_address":null,"upstream_tls_cipher":null,"upstream_tls_session_id":null,"upstream_tls_version":null,"upstream_transport_failure_reason":"TLS_error:|268436526:SSL_routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:TLS_error_end"}
When i explicitly set
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
spec:
backendTLS:
maxVersion: "1.3"
minVersion: "1.2"
The connection works and uses TLSv1.3
Kind Regards
Hello,
concerning
https://gateway.envoyproxy.io/docs/api/extension_types/#backendtlsconfig
maxVersion claims to be 1.3 - however i verified with a client, that that is not the case. whilst using the default values and trying to connect to a backend that enforces 1.3, the tls connection failed:
{"response_code":503,"response_flags":"UF","start_time":"2026-07-01T09:43:03.085Z","upstream_cluster":"httproute/-/-/rule/0","upstream_host":"192.168.57.99:8443","upstream_local_address":null,"upstream_tls_cipher":null,"upstream_tls_session_id":null,"upstream_tls_version":null,"upstream_transport_failure_reason":"TLS_error:|268436526:SSL_routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:TLS_error_end"}When i explicitly set
The connection works and uses TLSv1.3
Kind Regards