Support for ECDSA ciphers #5101
Hello, I would like to have my NIC release configuration as:
I've got also my VirtualServer configured this way:
Right now only 3/6 ciphers are working (RSA) and afaik the reason is that the certificate generated by VirtualServer is an RSA certificate ( What I would like to do is to add a 2nd certificate for ECDSA.

I've got one idea (below) but before I implement it I wanted to ask you whether there is any simpler way to do it? (maybe I'm missing something)

My idea is to use https://github.com/nginxinc/kubernetes-ingress/tree/v3.4.2/examples/shared-examples/custom-templates and somehow (not sure yet how) add to the virtualserver-template another ssl_certificate and ssl_certificate_key (first creating an ECDSA certificate on my side - https://cert-manager.io/docs/faq/#is-ecc-elliptic-curve-cryptography-supported).

As you can see it is quite complicated - it would be much better to have the possibility:
Replies: 3 comments 3 replies
ℹ️ I managed to have hybrid certificates (RSA & ECDSA) by:
I tested it with a one-liner:
However, it is still kind of a hack - do you think I should create an issue for it?
@mariusz-gomse-centra Hello there. Just a small note:
We do not actually generate the certificate. That would be the provider generating the certificate. In this case you are using cert-manager. I am assuming you want to have two entries for The way you have it now, using snippets, would be the current way to implement your goal. Let me know if that helps.
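Added example, not part of the original discussion or the project's code: it shows why a server holding only an RSA certificate can negotiate only the RSA-authenticated TLS 1.2 suites, and why loading a second ECDSA certificate makes the rest usable. The cipher list is constructed (the list from the thread is not shown on the page), and the helper name `usable_suites` is hypothetical; OpenSSL-backed Python is assumed.

```python
import ssl

# Constructed sample: three ECDSA-authenticated and three RSA-authenticated
# TLS 1.2 suites. The thread's real cipher list is not shown on the page.
SAMPLE_CIPHERS = ":".join([
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
])

# OpenSSL's name for a suite's authentication method -> certificate key type.
AUTH_TO_KEY = {"auth-rsa": "rsa", "auth-ecdsa": "ecdsa"}


def usable_suites(cipher_string, cert_key_types):
    """Split TLS 1.2 suites into (usable, unusable) for the loaded key types.

    cert_key_types is the set of key types of the certificates the server
    has loaded, e.g. {"rsa"} or {"rsa", "ecdsa"}.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    usable, unusable = [], []
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            # TLS 1.3 suites do not encode the certificate type; the
            # signature algorithm is negotiated separately.
            continue
        key = AUTH_TO_KEY.get(suite["auth"])
        (usable if key in cert_key_types else unusable).append(suite["name"])
    return usable, unusable


if __name__ == "__main__":
    for loaded in ({"rsa"}, {"rsa", "ecdsa"}):
        ok, blocked = usable_suites(SAMPLE_CIPHERS, loaded)
        print(sorted(loaded), "usable:", ok, "unusable:", blocked)
```
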
Closing this discussion as it has been answered, and the follow-up discussion is here: #5133
@mariusz-gomse-centra Hello there.
Just a small note:
We do not actually generate the certificate. That would be the provider generating the certificate. In this case you are using cert-manager.
We just "load in" the certificate into the server block and use the NGINX ssl_ directives for the .cert and .key. For this scenario, it sounds like you want an ECDSA cert (second cert) to be used within your virtualServer resource.
I am assuming you want to have two entries for ssl_certificate and ssl_certificate_key in your server block, the second cert focused for elliptical curve support?
If your goal is to support multiple ce…