Enable mesh traffic to be secured using qsafe curves #52512
Enable Istio's mesh mTLS communication to be secured using quantum-safe curves supported by BoringSSL (X25519Kyber768Draft00) today. Extend the current capability to be able to configure the ECDH curves for the mesh mTLS traffic in ISTIO_MUTUAL mode. Based on the current implementation, we can set ECDH curves for mesh traffic where the TLS mode is SIMPLE or MUTUAL (using the tlsDefaults setting in MeshConfig) but not for ISTIO_MUTUAL mode (meshMTLS does not respect ECDH curves).
Fixes: #52290
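
The two MeshConfig settings the description contrasts, as an added example (not taken from the PR's own changes): `tlsDefaults` covers SIMPLE and MUTUAL modes, `meshMTLS` covers ISTIO_MUTUAL. It assumes an IstioOperator-style install and that, with this change, `ecdhCurves` under `meshMTLS` is honored; the P-256 fallback entry and the `minProtocolVersion` line are illustrative choices.

```yaml
# Added example: MeshConfig overlay using field names from Istio's TLSConfig API.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  meshConfig:
    # Applies to traffic whose TLS mode is SIMPLE or MUTUAL.
    # Per the description, curve selection here already works.
    tlsDefaults:
      ecdhCurves:
        - X25519Kyber768Draft00   # hybrid key exchange named in the description
        - P-256                   # classical fallback (constructed for illustration)
    # Applies to ISTIO_MUTUAL (workload-to-workload) traffic.
    # Assumption: ecdhCurves here takes effect only with this change applied;
    # before it, the list is not respected for mesh mTLS.
    meshMTLS:
      # The hybrid group is negotiated in TLS 1.3 only, so pin the floor there.
      minProtocolVersion: TLSV1_3
      ecdhCurves:
        - X25519Kyber768Draft00
        - P-256
```

Dropping the fallback entry makes the hybrid group mandatory, so any peer that cannot negotiate it fails the handshake instead of silently downgrading.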