• About
    • Service mesh
    • Solutions
    • Case studies
    • Ecosystem
    • Deployment
    • FAQ
  • Blog
  • News
  • Get involved
  • Documentation
Try Istio
  • Concepts
    • Traffic Management
    • Security
    • Observability
    • Extensibility
  • Setup
    • Getting Started
    • Platform Setup
      • Platform Prerequisites
      • Alibaba Cloud
      • Azure
      • Docker Desktop
      • Google Kubernetes Engine
      • Huawei Cloud
      • IBM Cloud
      • k3d
      • kind
      • Kops
      • Kubernetes Gardener
      • KubeSphere Container Platform
      • MicroK8s
      • Minikube
      • OpenShift
      • Oracle Cloud Infrastructure
      • Tencent Cloud
    • Install
      • Install with Istioctl
      • Install with Helm
      • Install Multicluster
        • Before you begin
        • Install Multi-Primary
        • Install Primary-Remote
        • Install Multi-Primary on different networks
        • Install Primary-Remote on different networks
        • Verify the installation
      • Install Istio with an External Control Plane
      • Install Multiple Istio Control Planes in a Single Cluster
      • Virtual Machine Installation
      • Istio Operator Install
    • Upgrade
      • Canary Upgrades
      • In-place Upgrades
      • Upgrade with Helm
    • More Guides
      • Getting Started with Istio and Kubernetes Gateway API
      • Installation Configuration Profiles
      • Installing Gateways
      • Installing the Sidecar
      • Customizing the installation configuration
      • Advanced Helm Chart Customization
      • Install Istio with Pod Security Admission
      • Install Istio with the Istio CNI plugin
  • Tasks
    • Traffic Management
      • Request Routing
      • Fault Injection
      • Traffic Shifting
      • TCP Traffic Shifting
      • Request Timeouts
      • Circuit Breaking
      • Mirroring
      • Locality Load Balancing
        • Before you begin
        • Locality failover
        • Locality weighted distribution
        • Cleanup
      • Ingress
        • Ingress Gateways
        • Secure Gateways
        • Ingress Gateway without TLS Termination
        • Ingress Sidecar TLS Termination
        • Kubernetes Ingress
        • Kubernetes Gateway API
      • Egress
        • Accessing External Services
        • Egress TLS Origination
        • Egress Gateways
        • Egress Gateways with TLS Origination
        • Egress using Wildcard Hosts
        • Kubernetes Services for Egress Traffic
        • Using an External HTTPS Proxy
    • Security
      • Certificate Management
        • Plug in CA Certificates
        • Custom CA Integration using Kubernetes CSR *
      • Authentication
        • Authentication Policy
        • JWT claim based routing *
        • Copy JWT Claims to HTTP Headers *
        • Mutual TLS Migration
      • Authorization
        • HTTP Traffic
        • TCP Traffic
        • JWT Token
        • External Authorization
        • Explicit Deny
        • Ingress Access Control
        • Trust Domain Migration
        • Dry Run *
      • TLS Configuration
        • Istio Workload Minimum TLS Version Configuration
    • Policy Enforcement
      • Enabling Rate Limits using Envoy
    • Observability
      • Telemetry API *
      • Metrics
        • Customizing Istio Metrics with Telemetry API
        • Collecting Metrics for TCP Services
        • Customizing Istio Metrics
        • Classifying Metrics Based on Request or Response
        • Querying Metrics from Prometheus
        • Visualizing Metrics with Grafana
      • Logs
        • Configure access logs with Telemetry API
        • Envoy Access Logs
        • OpenTelemetry
      • Distributed Tracing
        • Overview
        • Configure tracing with Telemetry API
        • Apache SkyWalking
        • Jaeger
        • OpenCensus Agent
        • Zipkin
        • Configure tracing using MeshConfig and Pod annotations
        • Lightstep
      • Visualizing Your Mesh
      • Remotely Accessing Telemetry Addons
    • Extensibility
      • Distributing WebAssembly Modules *
  • Examples
    • Bookinfo Application
    • Bookinfo with a Virtual Machine
    • Learn Microservices using Kubernetes and Istio
      • Prerequisites
      • Set up a Kubernetes Cluster
      • Set up a Local Computer
      • Run a Microservice Locally
      • Run ratings in Docker
      • Run Bookinfo with Kubernetes
      • Test in production
      • Add a new version of reviews
      • Enable Istio on productpage
      • Enable Istio on all the microservices
      • Configure Istio Ingress Gateway
      • Monitoring with Istio
  • Operations
    • Deployment
      • Architecture
      • Deployment Models
      • Virtual Machine Architecture
      • Performance and Scalability
      • Application Requirements
    • Configuration
      • Mesh Configuration
        • Dynamic Admission Webhooks Overview
        • Wait on Resource Status for Applied Configuration
        • Health Checking of Istio Services
      • Traffic Management
        • Protocol Selection
        • TLS Configuration
        • Traffic Routing
        • DNS
        • Configuring Gateway Network Topology *
        • DNS Proxying
        • Multi-cluster Traffic Management
      • Security
        • Security policy examples
        • Harden Docker Container Images *
      • Observability
        • Envoy Statistics
        • Monitoring Multicluster Istio with Prometheus
      • Extensibility
        • Pull Policy for WebAssembly Modules *
    • Best Practices
      • Deployment Best Practices
      • Traffic Management Best Practices
      • Security Best Practices
      • Image Signing and Validation
      • Observability Best Practices
    • Common Problems
      • Traffic Management Problems
      • Security Problems
      • Observability Problems
      • Sidecar Injection Problems
      • Configuration Validation Problems
    • Diagnostic Tools
      • Using the Istioctl Command-line Tool
      • Debugging Envoy and Istiod
      • Understand your Mesh with Istioctl Describe
      • Diagnose your Configuration with Istioctl Analyze
      • Verifying Istio Sidecar Injection with Istioctl Check-Inject
      • Istiod Introspection
      • Component Logging
      • Debugging Virtual Machines
      • Troubleshooting Multicluster
      • Troubleshooting the Istio CNI plugin
    • Ambient Mesh
      • Getting Started with Ambient Mesh
      • Ambient Mesh Architecture
    • Integrations
      • cert-manager
      • Grafana
      • Jaeger
      • Kiali
      • Prometheus
      • SPIRE
      • Apache SkyWalking
      • Zipkin
      • Third Party Load Balancers
  • Releases
    • Feature Status
    • Reporting Bugs
    • Security Vulnerabilities
    • Supported Releases
    • Contribute Documentation
      • Work with GitHub
      • Add New Documentation
      • Remove Retired Documentation
      • Build and serve the website locally
      • Front matter
      • Documentation Review Process
      • Add Code Blocks
      • Use Shortcodes
      • Follow Formatting Standards
      • Style Guide
      • Terminology Standards
      • Diagram Creation Guidelines
    • Website Content Changes
  • Reference
    • Configuration
      • Telemetry
      • Analysis Messages
      • Global Mesh Options
      • IstioOperator Options
      • Configuration Status Field
      • Proxy Extensions
        • Wasm Plugin
        • AccessLogPolicy Config
        • Metadata Exchange Config
        • Stackdriver Config
        • Wasm-based Telemetry *
      • Traffic Management
        • Destination Rule
        • Envoy Filter
        • Gateway
        • ProxyConfig
        • Service Entry
        • Sidecar
        • Virtual Service
        • Workload Entry
        • Workload Group
      • Security
        • JWTRule
        • PeerAuthentication
        • RequestAuthentication
        • Authorization Policy
        • Authorization Policy Conditions
        • Authorization Policy Normalization
      • Common Types
        • Workload Selector
      • Istio Standard Metrics
      • Resource Annotations
      • Resource Labels
      • Configuration Analysis Messages
        • AlphaAnnotation
        • Analyzer Message Format
        • ConflictingMeshGatewayVirtualServiceHosts
        • ConflictingSidecarWorkloadSelectors
        • ConflictingTelemetryWorkloadSelectors
        • DeploymentAssociatedToMultipleServices
        • DeploymentConflictingPorts
        • DeploymentRequiresServiceAssociated
        • Deprecated
        • DeprecatedAnnotation
        • EnvoyFilterUsesAddOperationIncorrectly
        • EnvoyFilterUsesRelativeOperation
        • EnvoyFilterUsesRelativeOperationWithProxyVersion
        • EnvoyFilterUsesRemoveOperationIncorrectly
        • EnvoyFilterUsesReplaceOperationIncorrectly
        • ExternalNameServiceTypeInvalidPortName
        • GatewayPortNotOnWorkload
        • InternalError
        • InvalidAnnotation
        • InvalidApplicationUID
        • InvalidGatewayCredential
        • InvalidRegexp
        • InvalidTelemetryProvider
        • JwtFailureDueToInvalidServicePortPrefix
        • LocalhostListener
        • MisplacedAnnotation
        • MTLSPolicyConflict
        • MultipleSidecarsWithoutWorkloadSelectors
        • MultipleTelemetriesWithoutWorkloadSelectors
        • NamespaceMultipleInjectionLabels
        • NamespaceNotInjected
        • NoMatchingWorkloadsFound
        • NoServerCertificateVerificationDestinationLevel
        • NoServerCertificateVerificationPortLevel
        • PodMissingProxy
        • PodsIstioProxyImageMismatchInNamespace
        • PortNameIsNotUnderNamingConvention
        • ReferencedResourceNotFound
        • SchemaValidationError
        • ServiceEntryAddressesRequired
        • UnknownAnnotation
        • VirtualServiceDestinationPortSelectorRequired
        • VirtualServiceHostNotFoundInGateway
        • VirtualServiceIneffectiveMatch
        • VirtualServiceUnreachableRule
    • Commands
      • install-cni
      • istioctl
      • operator
      • pilot-agent
      • pilot-discovery
    • Glossary
  1. Documentation
  2. Tasks
  3. Security
  4. TLS Configuration

TLS Configuration

TLS configuration in Istio.

Istio Workload Minimum TLS Version Configuration

Shows how to configure the minimum TLS version for Istio workloads.

Links

    English 中文
    • Terms and Conditions | Privacy policy | Edit this Page on GitHub
    © 2023 the Istio Authors. Version Archive 1.18.2
    • current release
    • next release
    • older releases