If you are getting curl: (35) Unknown SSL protocol error when setting up ServiceEntry using istio make sure you have used correct configuration. Following is a correct example of setting external service entry.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc
namespace: istio-system
spec:
hosts:
- "google.com"
- "www.google.com"
ports:
- name: https
number: 443
protocol: HTTPS
location: MESH_EXTERNAL
To verify it is set properly run following command:
kubectl -n istio-system get se
If you can see your configured ServiceEntry you are good to go. You can now try following:
kubectl exec -it YOUR_POD -c YOUR_CONTAINER -- curl https://google.com
Hope this helps.