You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently TLS Session Tickets can only be configured as DataSource which limits them to inline string/bytes or individual files. This type of setup requires a restart of envoy to rotate the keys. The API already has a provision to pull them from SDS, albeit currently stubbed out. Further, trying to configure SDS for tickets throws an explicit "SDS not supported" error.
Please consider fully implementing SDS for TLS session ticket keys.
Currently TLS Session Tickets can only be configured as
DataSource
which limits them to inline string/bytes or individual files. This type of setup requires a restart of envoy to rotate the keys. The API already has a provision to pull them from SDS, albeit currently stubbed out. Further, trying to configure SDS for tickets throws an explicit "SDS not supported" error.Please consider fully implementing SDS for TLS session ticket keys.
api stub: https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/auth/cert.proto#L357-L358
exception: https://github.com/envoyproxy/envoy/blob/master/source/extensions/transport_sockets/tls/context_config_impl.cc#L351-L353
The text was updated successfully, but these errors were encountered: