Use TLS elliptic curve names consistently #759
Comments
@kenjenkins yeah nice catch. I also noticed this pretty egregious example in the Manual Verification section of Identity Verification; it lists all three aliases. In the OpenSSL command itself, Do you feel strongly about using any of these aliases? For readability, I feel like "P-256" is the best option, but it might make sense to use the alias used in the OpenSSL command.
I think "P-256" probably makes sense. I'd agree that listing all three names in the Identity Verification page snippet may be overkill, but I don't feel too strongly about it. If we just leave "NIST P-256" in the text, and keep
Page: https://www.pomerium.com/docs/internals/cryptography#encryption-in-transit
What's incorrect or missing
The "Downstream TLS" section includes "secp256r1" in the elliptic curves list, while the "Upstream TLS" section includes "P-256". I think these are two different names for the same curve?
What's the resolution?
If these are indeed the same, we should probably pick one name and use it consistently in both sections.
Reference