search

QubitProducts / exporter_exporter

A reverse proxy designed for Prometheus exporters
Apache License 2.0
344 stars 55 forks source link

ed25519 #71

Closed maemigh closed 3 years ago

maemigh commented 3 years ago

Is ed25519 supported?

I noticed this module is using an older version of crypto and I wasn't able to find details of when support was added.

tcolgate commented 3 years ago

Not sure what you mean by "and older version of crypto". we use the standard library crypto package. The TLS config if specified here: https://github.com/QubitProducts/exporter_exporter/blob/master/main.go#L246-L254, it prefers ECDHE and ECDSA, however we set min TLS to 1.2, when negotiating 1.3, those settings are ignored and the go standard library takes care of things, then I believe an Ed25519 cert would work.

maemigh commented 3 years ago

Thanks for the quick response. Unless I am misunderstanding, isn’t go.mod locking the crypto version to a 2019 version?

tcolgate commented 3 years ago

Ed25519 has been in the standard library for a while now: https://golang.org/pkg/crypto/ed25519/ The standard library crypto/tls uses the standard library crypto packages by default. x/crypto is being pulled in via logrus (and x/crypto/ssh/terminal , for some reason). It's not used for the web service.

maemigh commented 3 years ago

Great, thanks!