envoyproxy/envoy

BoringSSL's SSL_CREDENTIAL API

Open

#32 793 ouverte le 8 mars 2024

Voir sur GitHub
 (8 commentaires) (0 réactions) (0 assignés)C++ (5 373 forks)batch import
area/tlsenhancementhelp wanted

Métriques du dépôt

Stars
 (27 997 stars)
Métriques de merge PR
 (Merge moyen 8j) (378 PRs mergées en 30 j)

Description

Title: BoringSSL's SSL_CREDENTIAL API

Description: This is a heaps up that BoringSSL just landed a new API that might be useful for Envoy. Not a request to change anything, just a heads up, and also a request for thoughts if you all would prefer it work differently. I wasn't sure where to send this to feel free to redirect this elsewhere.

For a while, BoringSSL did not have a built-in way to select between RSA and ECDSA certificates. We left that to the caller. However, RSA vs ECDSA selection is quite complex, particularly at TLS 1.2 (TLS 1.3 dramatically cleans this up). Even within ECDSA, one may also have different curves. (Really ECDSA-P-256 and ECDSA-P-384 should be thought of as completely different key types. Though we continue to recommend sticking with P-256.) And, in the future, there will be post-quantum key types to juggle.

There are also other certificate negotiation decisions to make such as:

With all those moving parts, we thought it was better to have that in BoringSSL. SSL_CREDENTIAL is meant to be the place to configure that. The idea is that we combine everything related to a single "credential" into an object. Credentials may have different types, like X.509 certificate or otherwise. Each credential also has some criteria, based on TLS protocol rules, that determine whether it can be used on a connection. Callers configure an ordered preference list of credentials with BoringSSL, and we'll pick the first one that matches.

This can still be used in tandem with application-specific selection logic like SNI dispatch. The idea is that Envoy would use its criteria to select a list of candidates, such as an ECDSA and RSA certificate for that vhost. It would then configure the candidates, in preference order, with BoringSSL, and BoringSSL will evaluate those according to protocol rules.

Relevant Links: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Credentials

Guide contributeur