Adding default certificate to the certificate list for SNI client connections #4090

Open
@AbeOwlu


Describe the feature you are requesting
Scenarios in controller certificate auto-discovery:

  • where different encryption certificates (ECC, RSA) are auto-discovered
  • the ECC certificate is discovered first and in the LB model is created as the default certificate
  • the RSA encryption certificate is discovered ...and any other certificate, and added to the certificate list
  • From the ALB documentation, however, the default certificate is never used when a client request specifies the SNI and there is a certificate list
  • a client attempting to negotiate an ECC cipher suite with an ALB that checks only the certificate list fails TLS negotiation

Motivation

  • the ALB spec would seem to expect the default certificate to also be added to the certificate list

Describe the proposed solution you'd like

  • Add the default certificate also to the certificate list. Perhaps appending the certificate twice?

Contribution Intention (Optional)

  • Yes, I am willing to contribute a PR to implement this feature
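The scenario in this issue, as an added Go example that is not the controller's code or AWS's implementation: `selectCert` is a simplified model of the selection behaviour as the issue describes it, and `buildListener` shows the proposed change of also listing the default certificate. All type and function names, ARNs and hostnames are constructed for illustration.

```go
package main

import "fmt"

// Cert and Listener are constructed stand-ins for the controller's LB model.
type Cert struct{ ARN, KeyType, Host string }
type Listener struct {
	Default Cert
	List    []Cert
}

// buildListener: first discovered cert is the default, the rest go in the list; includeDefault lists the default too.
func buildListener(discovered []Cert, includeDefault bool) Listener {
	if len(discovered) == 0 {
		return Listener{}
	}
	l := Listener{Default: discovered[0], List: append([]Cert{}, discovered[1:]...)}
	if includeDefault {
		l.List = append([]Cert{l.Default}, l.List...)
	}
	return l
}

// selectCert models the issue's description (an assumption, not AWS code):
// with SNI and a non-empty list only the list is consulted, else the default.
func selectCert(l Listener, sni string, clientKeys map[string]bool) (Cert, bool) {
	if sni == "" || len(l.List) == 0 {
		return l.Default, clientKeys[l.Default.KeyType]
	}
	for _, c := range l.List {
		if c.Host == sni && clientKeys[c.KeyType] {
			return c, true
		}
	}
	return Cert{}, false
}

// sampleCerts is constructed data: the ECDSA certificate is discovered first.
var sampleCerts = []Cert{
	{"arn:placeholder:ecdsa", "ECDSA", "app.example.com"},
	{"arn:placeholder:rsa", "RSA", "app.example.com"},
}

func main() {
	for _, include := range []bool{false, true} {
		_, ok := selectCert(buildListener(sampleCerts, include), "app.example.com", map[string]bool{"ECDSA": true})
		fmt.Println("default in list:", include, "ECDSA-only client negotiates:", ok)
	}
}
```

In this model an RSA-capable client succeeds either way, which is why the gap only shows up for clients restricted to ECC cipher suites.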


Labels: good first issue (Denotes an issue ready for a new contributor, according to the "help wanted" guidelines.)
