在1.5.1 中,当我尝试使用以下语法istio
将特定密码套装添加到gateway
'部分时:tls
minProtocolVersion: TLSV1_3
mode: SIMPLE
cipherSuites: [TLS_AES_128_GCM_SHA256]
我在 istio-ingress pod 的日志中收到以下错误:
[Envoy (Epoch 0)] [2020-06-08 15:15:44.033][22][warning][config] [external/envoy/source/common/config/grpc_subscription_impl.cc:87]
gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected:
Error adding/updating listener(s) 0.0.0.0_443: Failed to initialize cipher suites TLS_AES_128_GCM_SHA256.
The following ciphers were rejected when tried individually: TLS_AES_128_GCM_SHA256
如果我cipherSuites
从该部分中删除该行tls
,则没有错误,并且相同的密码套装出现在有效密码套装列表中。
有什么建议吗?谢谢