Skip to content

Support P-384 and P-521 Server ECDSA Certificates #10855

New issue
New issue
Closed
#36369
Closed
Support P-384 and P-521 Server ECDSA Certificates#10855
#36369
Labels
area/tlsenhancementFeature requests. Not bugs or questions.help wantedNeeds help!
@JoelHenn

Description

@JoelHenn
JoelHenn
opened on Apr 20, 2020

Title: Support P-384 and P-521 Server ECDSA Certificates

Description:
Update Envoy to support server ECDSA certificates P-384 and P-521. Given that BoringSSL supports these curves, Envoy should allow servers to use certs with those curves to terminate TLS. The expected behavior is for Envoy to take an ECDSA cert and check to make sure it uses one of the three approved curves.

Relevant Links
Older PR for rejecting non P-256 server ECDSA certs: #5224

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/tlsenhancementFeature requests. Not bugs or questions.help wantedNeeds help!

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions