Istio-Gateway should support two certificates for the same domain (RSA & EC) #38946
Labels
area/networking
area/security
kind/enhancement
lifecycle/automatically-closed
Indicates a PR or issue that has been closed automatically.
lifecycle/stale
Indicates a PR or issue hasn't been manipulated by an Istio team member for a while
Describe the feature request
We have a requirement to run two certificates on our cloud environment with the same hostnames. One RSA and the other with the modern Eliptic Curve procedures. The Istio ingress gateway should be able to load both certificates and decide through the client request which encryption method to use.
Describe alternatives you've considered
I have seen alternatives at Envoy in the form of DownStreamTLSContext. As described here. However, it would be desirable to control this via the gateway.
Affected product area (please put an X in all that apply)
[ ] Docs
[ ] Installation
[X] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[X] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
Additional context
The text was updated successfully, but these errors were encountered: