support for Quantum Safe TLS within ingress-nginx controller #12746
Labels:
- kind/feature: Categorizes issue or PR as related to a new feature.
- needs-priority
- triage/accepted: Indicates an issue or PR is ready to be actively worked on.

The current (latest) version of the nginx ingress controller does NOT support the new quantum-resistant X25519Kyber768 encapsulation mechanism. More details (it was released back in April 2024) can be found on the following websites:

It is required for the future, because at a certain moment the "mitigation steps" explained on the websites above (how to disable this new mechanism on the client machine) won't be possible anymore, and it will be enforced. All users will then constantly see a "fake certificate" response from a website exposed behind an SSL-enabled nginx ingress controller (even though the SSL certificate is fine). It is happening on websites exposed (via ingress nginx) using:
- Network Load Balancer (e.g. AWS NLB)
- ingress controller with the ssl-passthrough flag enabled (`--enable-ssl-passthrough`)
and ingress annotations:
So please implement proper measures in the nginx ingress controller to handle this new mechanism correctly, so that it doesn't give users this confusing error message (insecure website, Kubernetes fake certificate).
Thank you.