update supported groups for TLS #55589

Merged: istio-testing merged 1 commit into istio:master from navaneethrameshan:master on Mar 19, 2025

@navaneethrameshan (Contributor) commented Mar 19, 2025

Please provide a description of this PR:

The underlying boringssl version used in envoy now supports the hybrid group X25519MLKEM768 for TLS key exchange. Enable support for this group in Istio.

The dependency of istio -> proxy -> envoy -> boringssl is the following:
Istio -> proxy : proxy SHA
Proxy -> envoy: envoy SHA
Envoy -> boringssl: boringssl version
BoringSSL - supported groups

The underlying boringssl version used in envoy now supports the group
X25519MLKEM768. Enable this support in Istio
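
Once the group is enabled, one way to audit which peers actually offer it is to read the supported_groups extension of their ClientHello. The Go code below is an added example, not part of this PR or of Istio; the function name and the sample bytes are constructed for illustration, and 0x11EC is the IANA code point for X25519MLKEM768.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const extSupportedGroups = 0x000A // TLS extension type: supported_groups
const X25519MLKEM768 = 0x11EC     // IANA code point of the hybrid group

// HybridOffer walks a ClientHello extensions block (bytes after its 2-byte
// length) and returns supported_groups plus the index of the hybrid group (-1 if absent).
func HybridOffer(exts []byte) (groups []uint16, rank int, err error) {
	rank = -1
	for len(exts) >= 4 {
		typ := binary.BigEndian.Uint16(exts)
		n := int(binary.BigEndian.Uint16(exts[2:]))
		if len(exts) < 4+n {
			return nil, -1, fmt.Errorf("extension %d truncated", typ)
		}
		body := exts[4 : 4+n]
		exts = exts[4+n:]
		if typ != extSupportedGroups {
			continue
		}
		// Body: 2-byte list length, then 2-byte group IDs in preference order.
		if n < 2 || n%2 != 0 || int(binary.BigEndian.Uint16(body)) != n-2 {
			return nil, -1, fmt.Errorf("malformed supported_groups")
		}
		for i := 2; i < n; i += 2 {
			g := binary.BigEndian.Uint16(body[i:])
			if g == X25519MLKEM768 && rank < 0 {
				rank = len(groups)
			}
			groups = append(groups, g)
		}
		return groups, rank, nil
	}
	return nil, -1, fmt.Errorf("no supported_groups extension")
}

// Constructed sample: supported_versions, then X25519MLKEM768, X25519, secp256r1.
var sampleExts = []byte{0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04,
	0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x11, 0xec, 0x00, 0x1d, 0x00, 0x17}

func main() {
	groups, rank, err := HybridOffer(sampleExts)
	fmt.Printf("groups=%#04x rank=%d err=%v\n", groups, rank, err)
}
```

A rank of 0 means the client prefers the hybrid group; -1 means it offers only classical groups.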
navaneethrameshan requested a review from a team as a code owner on March 19, 2025 15:57
istio-testing added the size/XS (denotes a PR that changes 0-9 lines, ignoring generated files) and needs-ok-to-test labels on Mar 19, 2025
@istio-testing (Collaborator)

Hi @navaneethrameshan. Thanks for your PR.

I'm waiting for an istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

@dgn (Contributor) commented Mar 19, 2025

/ok-to-test

istio-testing added the ok-to-test label (set this label to allow normal testing to take place for a PR not submitted by an Istio org member) and removed the needs-ok-to-test label on Mar 19, 2025
howardjohn added the release-notes-none label (indicates a PR that does not require release notes) on Mar 19, 2025
@howardjohn (Member)

/retest

istio-testing merged commit 85d0d4f into istio:master on Mar 19, 2025
29 checks passed
fjglira pushed a commit to fjglira/istio that referenced this pull request Sep 26, 2025
* upstream/master:
  Bump modules and minimum go version (istio#55514)
  update supported groups for TLS (istio#55589)
  Automator: update proxy@master in istio/istio@master (istio#55590)
thpham added a commit to thpham/ossm3-oqs that referenced this pull request Feb 10, 2026
Upstream Istio 1.25+ supports X25519MLKEM768 natively via BoringSSL
(istio/istio#55589). Clarify that this project's OQS/OpenSSL approach
is specific to OSSM builds.