Finish implementation of TLS Session Ticket keys delivery via SDS #7397

Closed
mk23 opened this issue Jun 25, 2019 · 2 comments · Fixed by #8635
Labels: enhancement, help wanted

mk23 commented Jun 25, 2019

Currently TLS Session Tickets can only be configured as a DataSource, which limits them to inline string/bytes or individual files. This type of setup requires a restart of Envoy to rotate the keys. The API already has a provision to pull them from SDS, albeit currently stubbed out. Further, trying to configure SDS for tickets throws an explicit "SDS not supported" error.

Please consider fully implementing SDS for TLS session ticket keys.

api stub: https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/auth/cert.proto#L357-L358
exception: https://github.com/envoyproxy/envoy/blob/master/source/extensions/transport_sockets/tls/context_config_impl.cc#L351-L353

mattklein123 added the enhancement and help wanted labels Jun 25, 2019
@euroelessar
Contributor

I've started working on the change, please assign it to me.

@JimmyCYJ
Member

cc @JimmyCYJ

lizan pushed a commit that referenced this issue Oct 18, 2019
Description: Finish migration of TLS session ticket keys to provider-based API.
Risk Level: Medium
Testing: added new tests
Docs Changes: updated
Release Notes: updated
Fixes #7397

Signed-off-by: Ruslan Nigmatullin <elessar@dropbox.com>
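
The restart-free rotation requested in this issue, sketched as an added example that is not part of the thread or of Envoy's code base: a helper that rotates the key list and wraps it in a v2 `Secret` resource for an SDS source to serve. The secret name `ticket_keys` and the retention count are assumptions; the 80-byte key size and "first key encrypts, every key decrypts" ordering follow Envoy's `TlsSessionTicketKeys` documentation.

```python
import base64
import json
import secrets

KEY_LEN = 80  # Envoy requires exactly 80 bytes per session ticket key
SECRET_TYPE = "type.googleapis.com/envoy.api.v2.auth.Secret"


def rotate_ticket_keys(current, keep=3, new_key=None):
    """Return a rotated key list: fresh key first, then the newest old keys.

    Envoy encrypts new tickets with the first key and tries every key when
    decrypting, so previous keys stay at the tail until their tickets expire.
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    if new_key is None:
        new_key = secrets.token_bytes(KEY_LEN)  # CSPRNG, never random.random()
    for key in [new_key, *current]:
        if len(key) != KEY_LEN:
            raise ValueError(f"ticket key must be {KEY_LEN} bytes, got {len(key)}")
    if new_key in current:
        raise ValueError("new key duplicates an existing key")
    return [new_key, *current[: keep - 1]]


def sds_secret(name, keys):
    """Wrap the keys in a Secret resource document for an SDS source."""
    encoded = [{"inline_bytes": base64.b64encode(k).decode()} for k in keys]
    return {
        "resources": [
            {
                "@type": SECRET_TYPE,
                "name": name,  # hypothetical secret name chosen by the operator
                "session_ticket_keys": {"keys": encoded},
            }
        ]
    }


if __name__ == "__main__":
    # Constructed sample: one existing key, rotated with a freshly generated one.
    old_keys = [secrets.token_bytes(KEY_LEN)]
    rotated = rotate_ticket_keys(old_keys, keep=3)
    print(json.dumps(sds_secret("ticket_keys", rotated), indent=2))
```

The listener side would reference the same name through `session_ticket_keys_sds_secret_config`, the field that was stubbed out when this issue was filed.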