Envoy hardcodes its BoringSSL implementation for transport security. It is hard to provide other protocols or implementations without modifying the Envoy core code base. We have use cases and POC work to link alternative protocols internally, based on gRPC's Transport Security Interface.
My proposal is to make a generic config object, TransportSecurityContext, which contains a name and an opaque config, just like a filter config, and then use the registry to load implementations at config time. Since the v2 APIs are frozen, the new config object will be added as a oneof with the existing TlsContext, so it won't break compatibility.
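As an added illustration of the shape proposed above (not part of the original issue and not Envoy's actual API), a proto3 sketch of the name-plus-opaque-config object and the oneof that keeps existing TLS configs valid; TlsContext stands in for the existing TLS context message, and the other message names and field numbers are placeholders:

```protobuf
// Hypothetical sketch of the proposed config shape; not Envoy's real API.
// Names other than TlsContext are placeholders, as are the field numbers.
syntax = "proto3";

package envoy.api.v2.auth;

import "google/protobuf/struct.proto";

// Generic transport security config: the name an implementation registered
// under at startup plus an opaque config that only that implementation
// parses, mirroring how filters are configured.
message TransportSecurityContext {
  // Registry key; config loading fails if no implementation has this name,
  // so a typo or a missing extension is caught before any traffic flows.
  string name = 1;
  // Opaque payload. Envoy core never interprets it; the named implementation
  // is responsible for validating it at config time.
  google.protobuf.Struct config = 2;
}

// Wherever a TlsContext is consumed today, the field becomes one member of a
// oneof. Existing configs that set tls_context keep the same wire encoding,
// which is what preserves compatibility with the frozen v2 API.
message ExampleTransportConfig {
  oneof transport_security {
    TlsContext tls_context = 1;                               // existing
    TransportSecurityContext transport_security_context = 2;  // new
  }
}
```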