Details

    • Release Notes:
      New Feature
    • Release Notes Summary:
      An agent may be configured to use elliptic curve (EC) private keys using the `key_type=ec` puppet setting. By default, puppet will use the `prime256v1` elliptic curve, but an alternate curve may be specified using the `named_curve` puppet setting, provided Ruby and OpenSSL support it. See `OpenSSL::PKey::EC.builtin_curves` for a list of supported curves. Note that the `key_type` and `named_curve` settings are ignored if the agent already has a private key. Also, the settings only control the type of private key that the agent generates; they do not affect which curve is selected in the TLS protocol.

      Description

      Right now Puppet is hard coded to only use RSA keys when dealing with certificates. RSA is getting a little long in the tooth, and although it has not been compromised, there are newer algorithms that are not as susceptible to attacks that have been developed.

      OpenSSL supports ECC in addition to RSA. Puppet should become configurable to be able to use ECC for generating keys. This feature should be configurable since not all OpenSSL releases that puppet may be used on are going to have this available.
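The release note's two caveats (the curve must be known to the local Ruby/OpenSSL, and the settings are ignored once a private key exists) can be checked with a short Ruby script. This is an added example, not Puppet's own code; the helper names are hypothetical and the sample keys are constructed in-process.

```ruby
require 'openssl'

# True if the local Ruby/OpenSSL build knows the named curve.
# builtin_curves returns [name, comment] pairs.
def supported_curve?(name)
  OpenSSL::PKey::EC.builtin_curves.any? { |curve, _comment| curve == name }
end

# Generate an EC private key, refusing curves the local OpenSSL lacks.
# prime256v1 is the default named in the release note.
def generate_ec_key(named_curve = 'prime256v1')
  unless supported_curve?(named_curve)
    raise ArgumentError, "curve #{named_curve.inspect} is not supported by this OpenSSL"
  end
  OpenSSL::PKey::EC.generate(named_curve)
end

# Report what kind of key a PEM file actually holds. Useful for confirming
# whether an agent's existing key is still RSA after key_type=ec was set.
def describe_private_key(pem)
  key = OpenSSL::PKey.read(pem)
  case key
  when OpenSSL::PKey::EC
    { type: 'ec', curve: key.group.curve_name }
  when OpenSSL::PKey::RSA
    { type: 'rsa', bits: key.n.num_bits }
  else
    { type: key.class.name }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample keys, standing in for an agent's private key file.
  ec_pem  = generate_ec_key('secp384r1').to_pem
  rsa_pem = OpenSSL::PKey::RSA.new(2048).to_pem
  puts describe_private_key(ec_pem).inspect
  puts describe_private_key(rsa_pem).inspect
end
```

To inspect a real agent key, pass the contents of the agent's private key PEM file to `describe_private_key`.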

              People

              • Assignee:
                josh Josh Cooper
                Reporter:
                redmine.exporter redmine.exporter
                QA Contact:
                Erik Dasher