Configuring TLS versions and ciper suites when using Consul Connect Envoy

Hello Everyone,

I’m running Consul Cluster (3 nodes) and using envoy for connect feature and configuring the CA using Vault. In this implementation Where can I set the TLS versions and cipher suites?

As mentioned In the Connect docs I’m configuring the envoy_public_listener_json but I’m not sure how can I pass the TLS version constraints and cipher suites.

Thanks in Advance

Hi @ravitejb,

Are you trying to configure the list of ciphers supported by the Consul agent, or the ciphers used for establishing TLS connections across the service mesh?

The former can be configured using the tls_cipher_suites configuration option. The latter is currently not configurable. Consul will use the default cipher list supported by Envoy.

1 Like

Hi @blake

I’m trying to configure the TLS protocols and ciphers for TLS connections in Service Mesh
Thanks for the confirmation, we ended up refactoring those defaults in Envoy code and had a custom build.