search

aws / aws-app-mesh-roadmap

AWS App Mesh is a service mesh that you can use with your microservices to manage service to service communication
Apache License 2.0
347 stars 25 forks source link

Feature Request: ECDSA ACM certificates for Virtual Node TLS Listeners #469

Open kgns opened 1 year ago

kgns commented 1 year ago

If you want to see App Mesh implement this idea, please upvote with a :+1:.

Tell us about your request I want to be able to use ECDSA certificates issued using an ECDSA AWS Private CA with my virtual node listeners' TLS configuration

Which integration(s) is this request for? I guess all of them? (I use ECS though)

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? ECDSA Private CA issued certificates are not available in the list where we can associate certificates with App Mesh virtual node TLS listeners. Only RSA ones are available. I would like to be able to use ECDSA certificates to reduce the CPU load on envoy containers while keeping the same security level

Are you currently working around this issue? No

thisismana commented 2 months ago

This (P-256 ECDSA) is already supported in mainstream Envoy. Envoy even prefers to use ECDSA over RSA if the clients does support it. This should be an easy thing to do then.

https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl

But, I fear it's time to move away from AppMesh. They don't even bother to update their own roadmap anymore: https://github.com/aws/aws-app-mesh-roadmap/projects/1

Updated Jul 22, 2023