Open
Description
Describe the feature you are requesting
Scenarios in controller certificate auto-discovery;
- where different encryption certificate (ECC, RSA) are auto-discovered
- the ECC certificate is discovered first and in the LB model is created as the default certificate
- the RSA encyption certificate is discovered ...and any other certificate, and added to the certificate ilst
- From the ALB documentation, however, the default certificate is never used when a client request specifies the SNI and there is a certificate list
- client attempting to negotiate ECC cipher suite with an ALB only checking only the certificate list fails TLS negotiation
Motivation
- the ALB spec would seem to expect the default certificate to also be added to the certificate list
Describe the proposed solution you'd like
- Add the default certificate also to the certificate list. Perhaps appending the certificate twice?
Contribution Intention (Optional)
- Yes, I am willing to contribute a PR to implement this feature