tls: support for ECDSA P-384 and P-521 certificates (#10855) #36369
+91
−25
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Commit Message: tls: support for ECDSA P-384 and P-521 certificates (#10855)
Additional Description: Commercial National Security Algorithm Suite (CNSA) requires ECDSA keys be specified with P-384 curves. The assertion that there are no security benefits to curves higher than P-256 is no longer true. This change is intended to limit the adoptable curves to P-384 and P-521.
Risk Level: Medium - removal of limitation of curves to be used for ECDSA certificates, with potential misconfiguration and DoS risks mentioned in previous discourse on the issue. This risk is mitigated in this PR, however, by continuing to expressly limit the type of EC keys accepted to those associated with the P-256, P-384 or P-521 curves and no others.
Testing: Testing using unit and integration tests
Ran build envoy artefact locally with below config:
Ran
openssl s_client 127.0.0.1:10000
:Docs Changes: Changes made to reference that P-384 and P-521 certificates now are usable.
Fixes #10855