add defaults for upstream tls

Signed-off-by: Clay Kauzlaric <[email protected]>
projectcontour · Oct 13, 2023 · 9b98cd9 · 9b98cd9
1 parent 09085ae
commit 9b98cd9
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/internal/contourconfig/contourconfiguration.go b/internal/contourconfig/contourconfiguration.go
@@ -120,6 +120,11 @@ func Defaults() contour_api_v1alpha1.ContourConfigurationSpec {
 			},
 			Cluster: &contour_api_v1alpha1.ClusterParameters{
 				DNSLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily,
+				UpstreamTLS: &contour_api_v1alpha1.EnvoyTLS{
+					MinimumProtocolVersion: "1.2",
+					MaximumProtocolVersion: "1.3",
+					CipherSuites:           contour_api_v1alpha1.DefaultTLSCiphers,
+				},
 			},
 			Network: &contour_api_v1alpha1.NetworkParameters{
 				XffNumTrustedHops: ref.To(uint32(0)),

diff --git a/internal/envoy/v3/auth.go b/internal/envoy/v3/auth.go
@@ -34,9 +34,7 @@ func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni st
 		}}
 	}
 
-	tlsParams := &envoy_v3_tls.TlsParameters{
-		TlsMaximumProtocolVersion: ParseTLSVersion("1.3"), // by default, Envoy sets this to 1.2
-	}
+	tlsParams := &envoy_v3_tls.TlsParameters{}
 
 	if upstreamTLS != nil {
 		tlsParams = &envoy_v3_tls.TlsParameters{