diff --git a/pkg/generator/ingress_translator.go b/pkg/generator/ingress_translator.go
index 405b9406c..2d5481ac1 100644
--- a/pkg/generator/ingress_translator.go
+++ b/pkg/generator/ingress_translator.go
@@ -345,7 +345,8 @@ func createUpstreamTLSContext(caCertificate []byte, alpnProtocols ...string) *tl
 		CommonTlsContext: &tlsv3.CommonTlsContext{
 			AlpnProtocols: alpnProtocols,
 			TlsParams: &tlsv3.TlsParameters{
-				TlsMinimumProtocolVersion: tlsv3.TlsParameters_TLSv1_2,
+				TlsMinimumProtocolVersion: tlsv3.TlsParameters_TLSv1_3,
+				TlsMaximumProtocolVersion: tlsv3.TlsParameters_TLSv1_3,
 			},
 			ValidationContextType: &tlsv3.CommonTlsContext_ValidationContext{
 				ValidationContext: &tlsv3.CertificateValidationContext{
diff --git a/pkg/generator/ingress_translator_test.go b/pkg/generator/ingress_translator_test.go
index 3360888c5..31934cd77 100644
--- a/pkg/generator/ingress_translator_test.go
+++ b/pkg/generator/ingress_translator_test.go
@@ -1646,7 +1646,8 @@ func typedConfig(http2 bool) *envoycorev3.TransportSocket_TypedConfig {
 		CommonTlsContext: &auth.CommonTlsContext{
 			AlpnProtocols: alpn,
 			TlsParams: &auth.TlsParameters{
-				TlsMinimumProtocolVersion: auth.TlsParameters_TLSv1_2,
+				TlsMinimumProtocolVersion: auth.TlsParameters_TLSv1_3,
+				TlsMaximumProtocolVersion: auth.TlsParameters_TLSv1_3,
 			},
 			ValidationContextType: &auth.CommonTlsContext_ValidationContext{
 				ValidationContext: &auth.CertificateValidationContext{