Skip to content

Support SECP521R1 Curve for xDS TLS Communication Between Envoy and Contour #6997

New issue
New issue
Closed
#6996
Closed
Support SECP521R1 Curve for xDS TLS Communication Between Envoy and Contour#6997
#6996
Assignees
tsaarni
Labels
kind/featureCategorizes issue or PR as related to a new feature.
@tsaarni

Description

@tsaarni
tsaarni
opened on Apr 15, 2025

When using an EC certificate with the secp521r1 curve for the xDS gRPC interface, the TLS handshake fails because Envoy does not advertise secp521r1 in the signature_algorithms extension, due to BoringSSL’s default settings.

Please add support for the secp521r1 signature algorithm to enable compatibility for this use case.

Metadata

Metadata

Assignees

Labels

kind/featureCategorizes issue or PR as related to a new feature.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions