Bug
Resolution: Done
Major
From GitHub issues
Configuring cipher suites and ECDH curves
https://docs.openshift.com/container-platform/4.10/service_mesh/v2x/ossm-security.html#ossm-security-cipher_ossm-security
What needs fixing?
In Service Mesh 2.x, the settings for cipher suites and ECDH curves are at a slightly different level in the ServiceMeshControlPlane resource, so the paths below are not correct (they are valid only in OSSM 1.x):
- spec.istio.global.tls.cipherSuites
- spec.istio.global.tls.ecdhCurves
For OSSM 2.x, they are in fact configured at:
- spec.security.controlplane.tls.cipherSuites
- spec.security.controlplane.tls.ecdhCurves
i.e. https://github.com/maistra/istio-operator/blob/maistra-2.2/pkg/apis/maistra/v2/smcp_new.yaml
Things to do to fix this:
- Clone the ossm-security-cipher.adoc module and rename it ossm-security-cipher-1x.adoc.
- Update the ossm-security.adoc assembly in the v1x folder so that the include points to the new cloned file ossm-security-cipher-1x.adoc.
- Update the ossm-security-cipher.adoc module to the correct configuration for 2.x as shown above.
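A check for the misplacement described in this issue, added here as an example and not taken from the documentation or the operator: it flags a ServiceMeshControlPlane that still carries the 1.x TLS paths and reports which 2.x paths are unset. The `maistra.io/v2` API version test, the case-insensitive key matching, and the sample manifest values are assumptions or constructed for illustration.

```python
import json

# Paths taken from the issue text. Key matching is case-insensitive because the
# issue writes the paths in lowercase while manifests use camelCase keys (assumption).
LEGACY_1X = ("spec.istio.global.tls.cipherSuites", "spec.istio.global.tls.ecdhCurves")
CURRENT_2X = ("spec.security.controlplane.tls.cipherSuites",
              "spec.security.controlplane.tls.ecdhCurves")


def lookup(doc, dotted):
    """Return the value at a dotted path (case-insensitive keys), or None."""
    node = doc
    for part in dotted.split("."):
        if not isinstance(node, dict):
            return None
        folded = {k.lower(): v for k, v in node.items()}
        node = folded.get(part.lower())
        if node is None:
            return None
    return node


def check_smcp(manifest):
    """Return a list of findings for an SMCP manifest given as a dict."""
    if manifest.get("kind") != "ServiceMeshControlPlane":
        return ["not a ServiceMeshControlPlane"]
    # Assumption: OSSM 2.x resources are identified by a .../v2 apiVersion.
    if not manifest.get("apiVersion", "").endswith("/v2"):
        return []  # 1.x resource: the legacy paths are the valid ones
    findings = []
    for old, new in zip(LEGACY_1X, CURRENT_2X):
        if lookup(manifest, old) is not None:
            findings.append(f"{old} is a 1.x path; move it to {new}")
        if lookup(manifest, new) is None:
            findings.append(f"{new} is not set")
    return findings


# Constructed sample: a v2 resource still using the 1.x layout (values illustrative).
SAMPLE = json.loads("""
{"apiVersion": "maistra.io/v2", "kind": "ServiceMeshControlPlane",
 "spec": {"istio": {"global": {"tls": {
     "cipherSuites": "ECDHE-RSA-AES128-GCM-SHA256",
     "ecdhCurves": "P-256"}}}}}
""")

if __name__ == "__main__":
    for finding in check_smcp(SAMPLE):
        print(finding)
```

The function takes a parsed manifest, so it can be fed the JSON form of an exported resource.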