Envoy version 1.10.0 is the last version that will support TLS 1.0, 1.1, 1.2, and 1.3 protocols. Envoy 1.11.0 and later versions support TLS 1.0 and 1.1 only. When upgrading, Envoy recommends that you review your options for upgrading your TLS 1.x servers to TLS 1.1 or to TLS 1.2. Envoy recommends TLS 1.2 as the minimum requirement for Envoy.
, 1.1, 1.2, and 1.3
The Transport Layer Security (TLS) protocol is a cryptographic protocol that provides communication security over a computer network. It is one of many protocols in the TLS/SSL family that provide communications security over the Internet using public-key cryptography between two networked devices. TLS does not require the use of a password or any other secret token, making it more convenient and less vulnerable than previous protocols like SSLv3.
In order to protect against various attacks on the connection and data (for example, eavesdropping), TLS uses certificates, message authentication codes such as HMACs and digital signatures, and negotiation of cipher suites (a list of ciphers agreed upon between peers).
TLS 1.2 is the new minimum requirement
In order to provide the best possible security, Envoy recommends TLS 1.2 as the new minimum requirement for Envoy. This is because TLS 1.2 provides encryption that is not vulnerable to POODLE and a number of other potential exploits.
TLS 1.0 was attacked in 2014 by a number of vulnerabilities, including CVE-2014-3566 and CVE-2014-3567, which affects how the protocol handles padding and how it negotiates keys with clients. The protocol also has known weaknesses with cipher suites that implement 40-bit encryption algorithms such as MD5 and SHA1 (see RFC 5246).
As a result, we recommend that all users upgrade their servers to TLS 1.1 or TLS 1.2 in order to maintain proper security precautions in deploying Envoy within their fleet or on their behalf.
TLS 1.0 Encryption Weaknesses
Lack of Forward Secrecy: TLS 1.0, 1.1, and 1.2 are vulnerable to a weakness referred to as the “Logjam” attack. This attack causes an attacker to obtain the encryption key from a server by forcing it to perform a Diffie-Hellman key exchange with a specially crafted initial message. The attacker then uses the resulting shared secret to decrypt all communications between that server and other servers that use TLS 1.0 or TLS 1.1 (or later versions).
Expired Certificates: Envoy does not support TLS for older than ten year old certificates, including those issued by CACert validation services such as Certplus, RapidSSL, and Root CA/Browser Forum (RBF) Certification Services.
Duplicate or Obsolete Configuration Keys: If you have configured your system using multiple TLS certificates, it is possible that you will have combined them into one configuration file when updating your system from one version of Envoy to another version of Envoy. If this happens, your configuration file may contain outdated keys for newer configurations which would prevent your system from connecting securely to other systems on the network (known as "cross certifying" certificates).
TLS 1.2 support
TLS 1.2 is a more secure protocol than TLS 1.1 and TLS 1.0, which means that the Envoy upgrade will not leave your server vulnerable to attack from the most recent exploits.
A vulnerability was discovered in TLS 1.3 that has been fixed in Envoy versions 1.11.0 and later versions of Envoy. The vulnerability allows attackers to decrypt traffic even if TLS 1.3 is used between client and server to encrypt data for transport over an insecure medium such as Wi-Fi or a cellular network. This means that any data sent from a device using an encrypted connection could be decrypted by an attacker with access to the connection's network, regardless of whether the data is being transmitted by browser or some other application during a session initiated on the local machine or during a session initiated on a mobile device.