Upgraded a service to dropwizard 4.0.10.
It's deployed in k8s and istio. We saw issues, istio rejected traffic with response: "upgrade_failed"

My dear colleague found a number of reported issues:

• 403 response and Connection: close when "upgrade: TLS/1.2" istio/istio#53239

Someone upgraded their httpclient5 from 5.3.1 to 5.4 and in doing so, all outbound requests fail when the application is running behind Istio.
Digging into it more, it looks like the client is adding the following upgrade headers:
curl -v -H "connection: Upgrade" -H "upgrade: TLS/1.2" http://app.search-one-read.svc.cluster.local/

• HTTP/1.1 TLS Upgrade (RFC-2817) causes upgrade_failed envoyproxy/envoy#36305

From the Dropwizard standpoint, I propose that the io.dropwizard.client.HttpClientConfiguration is expanded with a property boolean protocolUpgradeEnabled which can be used in the io.dropwizard.client.HttpClientBuilder to set the RequestConfig::setProtocolUpgradeEnabled, as this would unblock us.