diff --git a/pkg/provider/kubernetes/crd/kubernetes.go b/pkg/provider/kubernetes/crd/kubernetes.go
index c4c79f2a8..36720e899 100644
--- a/pkg/provider/kubernetes/crd/kubernetes.go
+++ b/pkg/provider/kubernetes/crd/kubernetes.go
@@ -422,6 +422,26 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
 			}
 		}
 
+		if serversTransport.Spec.MinVersion != "" {
+			if _, exists := tls.MinVersion[serversTransport.Spec.MinVersion]; exists {
+				sTransport.MinVersion = serversTransport.Spec.MinVersion
+			} else {
+				// Min TLS version does not exist
+				logger.Error().Msgf("invalid TLS minimal version: %s", serversTransport.Spec.MinVersion)
+				continue
+			}
+		}
+
+		if serversTransport.Spec.MaxVersion != "" {
+			if _, exists := tls.MaxVersion[serversTransport.Spec.MaxVersion]; exists {
+				sTransport.MaxVersion = serversTransport.Spec.MaxVersion
+			} else {
+				// Min TLS version does not exist
+				logger.Error().Msgf("invalid TLS maximal version: %s", serversTransport.Spec.MaxVersion)
+				continue
+			}
+		}
+
 		forwardingTimeout := &dynamic.ForwardingTimeouts{}
 		forwardingTimeout.SetDefaults()
 
@@ -468,9 +488,9 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
 			InsecureSkipVerify:  serversTransport.Spec.InsecureSkipVerify,
 			RootCAs:             rootCAs,
 			Certificates:        certs,
-			CipherSuites:        serversTransport.Spec.CipherSuites,
-			MinVersion:          serversTransport.Spec.MinVersion,
-			MaxVersion:          serversTransport.Spec.MaxVersion,
+			CipherSuites:        sTransport.CipherSuites,
+			MinVersion:          sTransport.MinVersion,
+			MaxVersion:          sTransport.MaxVersion,
 			DisableHTTP2:        serversTransport.Spec.DisableHTTP2,
 			MaxIdleConnsPerHost: serversTransport.Spec.MaxIdleConnsPerHost,
 			ForwardingTimeouts:  forwardingTimeout,
diff --git a/pkg/server/service/transport.go b/pkg/server/service/transport.go
index 7959f5059..f7a526fe1 100644
--- a/pkg/server/service/transport.go
+++ b/pkg/server/service/transport.go
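Review bot: The comment in the MaxVersion else-branch, `// Min TLS version does not exist`, is copied from the MinVersion branch above it and should read `// Max TLS version does not exist`. Beyond that, each bound is validated only against its own map, not against the other: a spec whose MinVersion is higher than its MaxVersion passes this check and, assuming the map values are the crypto/tls version constants as the transport.go hunk in this diff suggests, would only surface later when no protocol version satisfies both bounds, i.e. at handshake time rather than at CRD load. A check after both lookups along the lines of `if sTransport.MinVersion != "" && sTransport.MaxVersion != "" && tls.MinVersion[sTransport.MinVersion] > tls.MaxVersion[sTransport.MaxVersion] { logger.Error().Msg("TLS minimal version is greater than maximal version"); continue }` would reject that configuration here with the same fail-closed behaviour as the two new checks. loadConfigurationFromCRD begins and ends outside this hunk.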
@@ -187,16 +187,26 @@ func (t *TransportManager) createTLSConfig(cfg *dynamic.ServersTransport) (*tls.
 		}
 	}
 
-	// Set the minimum TLS version if set in the config
+	// Set the min TLS version if set in the config
 	var minVer uint16
-	if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
-		minVer = minConst
+	if cfg.MinVersion != "" {
+		if minConst, exists := traefiktls.MinVersion[cfg.MinVersion]; exists {
+			minVer = minConst
+		} else {
+			// Min TLS version does not exist
+			return nil, fmt.Errorf("invalid TLS minimal version: %v", minVer)
+		}
 	}
 
-	// Set the minimum TLS version if set in the config
+	// Set the min TLS version if set in the config
 	var maxVer uint16
-	if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
-		maxVer = maxConst
+	if cfg.MinVersion != "" {
+		if maxConst, exists := traefiktls.MaxVersion[cfg.MaxVersion]; exists {
+			maxVer = maxConst
+		} else {
+			// Max TLS version does not exist
+			return nil, fmt.Errorf("invalid TLS maximal version: %v", maxVer)
+		}
 	}
 
 	config = &tls.Config{
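Review bot: The guard in front of the `traefiktls.MaxVersion` lookup tests the wrong field: `if cfg.MinVersion != "" {` should be `if cfg.MaxVersion != "" {`. As written, a transport that sets only MinVersion fails with "invalid TLS maximal version" because the lookup of the empty string misses, while a transport that sets only MaxVersion never runs the lookup at all, `maxVer` stays 0, and the operator's upper bound is silently dropped from the resulting tls.Config. The two error messages also format the still-zero `minVer`/`maxVer` rather than the offending input, so they always print "0"; `return nil, fmt.Errorf("invalid TLS minimal version: %q", cfg.MinVersion)` and `return nil, fmt.Errorf("invalid TLS maximal version: %q", cfg.MaxVersion)` would report the value that actually failed validation. createTLSConfig continues past the end of this hunk, where config is built from minVer and maxVer.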