Jira (PUP-2606) Support ECC keys

[Aaron Armstrong (JIRA)]

Aaron Armstrong updated an issue

Puppet / PUP-2606 Support ECC keys Change By: Aaron Armstrong Component/s: Networking Services Component/s: Puppet Server Add Comment

This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a)

[Yuri A (JIRA)]

Yuri A commented on PUP-2606

Re: Support ECC keys What's the trouble here? Can we get this moving? We're using our own CA and would like to use ECC.

Add Comment

This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)

[Eric Sorenson (JIRA)]

Eric Sorenson commented on PUP-2606

Re: Support ECC keys Yuri A not many people have asked for this so it hasn't gotten prioritized. I will take this as a design consideration as we look at revamping the CA and server/agent SSL interactions.

Add Comment

[Andrew Forgue (JIRA)]

Andrew Forgue commented on PUP-2606

Re: Support ECC keys +1 – We're super interested in this as well (on the Agent Side), since we use an external CA and only issue EC keys.

Add Comment

[Eric Sorenson (JIRA)]

Eric Sorenson updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Eric Sorenson Fix Version/s: PUP 4.y

Add Comment

[Branan Riley (JIRA)]

Branan Riley updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Branan Riley Labels: redmine  triaged

Add Comment

[Branan Riley (JIRA)]

Branan Riley updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Branan Riley Team: Agent

Add Comment

[Moses Mendoza (JIRA)]

Moses Mendoza updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Moses Mendoza Labels: redmine  triaged

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Josh Cooper Team: Server Coremunity

Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-2606

Re: Support ECC keys ECC is desirable for agents because it requires less CPU and power than RSA for the same effective level of security. I've moved this to Coremunity and implemented a PR enabling the agent to use EC keys, which is compatible when servers are using RSA keys. We will need to file additional tickets if/when we add server support.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper assigned an issue to Josh Cooper

Puppet / PUP-2606 Support ECC keys

Change By: Josh Cooper Assignee: Josh Cooper

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Josh Cooper Fix Version/s: PUP 6.5.0

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Josh Cooper Release Notes Summary: An agent may be configured to use elliptic curve (EC) private keys using the `key_type=ec` puppet setting. By default, puppet will use the `prime256v1` elliptic curve, but an alternate curve may be specified using the `named_curve` puppet setting, provided ruby and openssl support it. See OpenSSL::PKey::EC.builtin_curves for a list of supported curves. Note the `key_type` and `named_curve` settings are ignored if the agent already has a private key. Also the settings only control the type of private key that the agent generates. It does not affect which curve is selected in the TLS protocol. Release Notes: New Feature

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Josh Cooper Sprint: Platform Core KANBAN

Add Comment

[Jacob Helwig (JIRA)]

Jacob Helwig commented on PUP-2606

Re: Support ECC keys Merged to master branch in 3b9b1a32a4.

Add Comment

[Kris Bosland (JIRA)]

Kris Bosland commented on PUP-2606

Re: Support ECC keys Merged #7505 into master at 4baeed9.

Add Comment

[Heston Hoffman (JIRA)]

Heston Hoffman updated an issue

Puppet / PUP-2606 Support ECC keys

Change By: Heston Hoffman Labels: redmine resolved-issue-added

Add Comment