Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-9077

Add support for OpenSSL to main Envoy repository

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • None
    • Envoy
    • Add support for OpenSSL to main Envoy repository
    • False
    • Hide

      None

      Show
      None
    • False
    • In Progress

      Goal:

      Add an option for building Envoy that uses OpenSSL for encryption.

      Acceptance Criteria:

      Building with the appropriate options/flags produces an Envoy build that uses OpenSSL for all encryption related features.

      Open questions:

      Presumably, the implementation will collect patches to the Envoy code using `#IFDEF` adding envoy-openssl as a dependency, where envoy-openssl is the BoringSSL/OpenSSL compatibility layer. If that is the case, should envoy-openssl be versioned to support specific version combinations of Envoy (BoringSSL) and OpenSSL, e.g. Envoy 1.32 and OpenSSL 3.0, 3.2, 3.5.

      Depending on specific features of OpenSSL, other functionality within Envoy may need to be disabled. For example, QUIC support in OpenSSL < 3.4.

              jsantana@redhat.com Jonh Wendell
              rcernich1 Rob Cernich
              Dario Cillerai, Jonh Wendell, Ted Poole
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: