You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/02/25 03:17:22 UTC
[GitHub] [incubator-apisix] tokers opened a new issue #1159: Proposal:
multiple certificates deployment for a single domain
tokers opened a new issue #1159: Proposal: multiple certificates deployment for a single domain
URL: https://github.com/apache/incubator-apisix/issues/1159
## Background
As is known to all, ECC (Elliptic Curve Cryptography) certificate has several advantages than RSA certificate, like smaller key size. The speed of SSL handshake on the server side will be better if we can use the ECC certificate.
Nevertheless, some browsers may not recognize the ECC certificate, so if someone migrated his/her certificate from RSA to ECC, compatibility broken might occur.
## Solution
Let's try to deploy multiple certificates for a single domain, depends on the cipher suites that client sent, apisix can select and send the most appropriate certificates.
Technically, OpenSSL's related APIs like `SSL_use_certificate`, `SSL_use_PrivateKey`, can be called duplicately for a single SSL session, the certificate selection will be done under the hood.
## References
* https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
* https://imququ.com/post/ecc-certificate.html
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] tokers edited a comment on issue #1159:
Proposal: multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
tokers edited a comment on issue #1159: Proposal: multiple certificates deployment for a single domain
URL: https://github.com/apache/incubator-apisix/issues/1159#issuecomment-600955634
@moonming I will try. Since i'm not familiar with the internal of APISIX, it may take a long while. Anyway, i will synchronize the progress here.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on issue #1159: Proposal:
multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
moonming commented on issue #1159: Proposal: multiple certificates deployment for a single domain
URL: https://github.com/apache/incubator-apisix/issues/1159#issuecomment-590712678
sounds great. We need also update `ssl_ciphers` in nginx.conf too.
@tokers welcome PR:)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [apisix] spacewander commented on issue #1159: Proposal: multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #1159:
URL: https://github.com/apache/apisix/issues/1159#issuecomment-679444609
Look like this can be closed now?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] tokers commented on issue #1159: Proposal:
multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #1159: Proposal: multiple certificates deployment for a single domain
URL: https://github.com/apache/incubator-apisix/issues/1159#issuecomment-600955634
@moonming I will try. Since i'm not familiar the internal of APISIX, it may take a long while. Anyway, i will synchronize the progress here.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [apisix] tokers closed issue #1159: Proposal: multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
tokers closed issue #1159:
URL: https://github.com/apache/apisix/issues/1159
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #1159: Proposal: multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #1159:
URL: https://github.com/apache/apisix/issues/1159#issuecomment-679465796
@spacewander Yeah, the corresponding PR was merged.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] moonming commented on issue #1159: Proposal:
multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
moonming commented on issue #1159: Proposal: multiple certificates deployment for a single domain
URL: https://github.com/apache/incubator-apisix/issues/1159#issuecomment-600956334
@tokers If you have any questions, feel free to discuss with us, looking forward for your PR
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] membphis commented on issue #1159: Proposal: multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1159:
URL: https://github.com/apache/incubator-apisix/issues/1159#issuecomment-652427448
@tokers any news?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] tokers commented on issue #1159: Proposal: multiple certificates deployment for a single domain
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #1159:
URL: https://github.com/apache/incubator-apisix/issues/1159#issuecomment-657406577
I'm so sorry that i almost forgot this thing... 😂, i will start to do it once i have enough time.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org