I have implemented mTLS for service-to-service security using Istio 1.0.4 on Kubernetes. Is there a configuration to specify the cipher and TLS versions to use with Citadel?
This may not answer the specific question, but I thought it would be nice to let you know that others have asked this question. See links below:
https://github.com/istio/istio/issues/8769
https://github.com/istio/istio/issues/13138
Dealing with ingress traffic is a little different. I may be mistaken, but I think when submitting your own private/public keys, if applicable, Istio loads those secrets and reads/applies the appropriate ciphers according to the way the secrets were created. See links below for examples:
https://preliminary.istio.io/docs/tasks/traffic-management/secure-ingress/sds/
https://preliminary.istio.io/docs/tasks/traffic-management/secure-ingress/mount/