Remove RSA key transport from the defaults on the server-side

This is the intent to remove RSA key transport (i.e. `AES128-GCM-SHA256`, `AES128-SHA`, `AES256-GCM-SHA384` and `AES256-SHA`) from the default cipher suites on the server-side.

This change will affect your deployment if it's using default cipher suites (i.e. not configuring `cipher_suites`) and it's accepting incoming connections using those cipher suites:
```
$ curl -s localhost:9901/stats | grep -E "^listener.*.ssl.ciphers.AES"
listener.<address>.ssl.ciphers.AES128-GCM-SHA256: 1
listener.<address>.ssl.ciphers.AES128-SHA: 1
listener.<address>.ssl.ciphers.AES256-GCM-SHA384: 1
listener.<address>.ssl.ciphers.AES256-SHA: 1
```
(This works only with Envoy v1.9.0 and newer)

ETA: 1.14 (i.e. ~mid 2020)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove RSA key transport from the defaults on the server-side #5399

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Remove RSA key transport from the defaults on the server-side #5399

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions