Setting --ssl.ecdh-curve=

2024-12-14 11:57:37 +00:00 · 2018-03-12 10:25:11 +01:00 · 2018-03-12 10:25:11 +01:00 · 15daf549de
commit 15daf549de
parent 698a56493d
6 changed files with 6 additions and 1 deletions
--- a/pkg/deployment/pod_creator.go
+++ b/pkg/deployment/pod_creator.go
@ -101,6 +101,7 @@ func createArangodArgs(apiObject metav1.Object, deplSpec api.DeploymentSpec, gro
 		keyPath := filepath.Join(k8sutil.TLSKeyfileVolumeMountDir, constants.SecretTLSKeyfile)
 		options = append(options,
 			optionPair{"--ssl.keyfile", keyPath},
+			optionPair{"--ssl.ecdh-curve", ""}, // This way arangod accepts curves other than P256 as well.
 		)
 		/*if bsCfg.SslKeyFile != "" {
 			if bsCfg.SslCAFile != "" {
--- a/pkg/deployment/pod_creator_agent_args_test.go
+++ b/pkg/deployment/pod_creator_agent_args_test.go
@ -113,6 +113,7 @@ func TestCreateArangodArgsAgent(t *testing.T) {
 				"--server.jwt-secret=$(ARANGOD_JWT_SECRET)",
 				"--server.statistics=false",
 				"--server.storage-engine=rocksdb",
+				"--ssl.ecdh-curve=",
 				"--ssl.keyfile=/secrets/tls/tls.keyfile",
 			},
 			cmdline,
--- a/pkg/deployment/pod_creator_coordinator_args_test.go
+++ b/pkg/deployment/pod_creator_coordinator_args_test.go
@ -111,6 +111,7 @@ func TestCreateArangodArgsCoordinator(t *testing.T) {
 				"--server.jwt-secret=$(ARANGOD_JWT_SECRET)",
 				"--server.statistics=true",
 				"--server.storage-engine=rocksdb",
+				"--ssl.ecdh-curve=",
 				"--ssl.keyfile=/secrets/tls/tls.keyfile",
 			},
 			cmdline,
--- a/pkg/deployment/pod_creator_dbserver_args_test.go
+++ b/pkg/deployment/pod_creator_dbserver_args_test.go
@ -111,6 +111,7 @@ func TestCreateArangodArgsDBServer(t *testing.T) {
 				"--server.jwt-secret=$(ARANGOD_JWT_SECRET)",
 				"--server.statistics=true",
 				"--server.storage-engine=rocksdb",
+				"--ssl.ecdh-curve=",
 				"--ssl.keyfile=/secrets/tls/tls.keyfile",
 			},
 			cmdline,
--- a/pkg/deployment/pod_creator_single_args_test.go
+++ b/pkg/deployment/pod_creator_single_args_test.go
@ -81,6 +81,7 @@ func TestCreateArangodArgsSingle(t *testing.T) {
 				"--server.jwt-secret=$(ARANGOD_JWT_SECRET)",
 				"--server.statistics=true",
 				"--server.storage-engine=rocksdb",
+				"--ssl.ecdh-curve=",
 				"--ssl.keyfile=/secrets/tls/tls.keyfile",
 			},
 			cmdline,
--- a/pkg/deployment/tls.go
+++ b/pkg/deployment/tls.go
@ -38,7 +38,7 @@ import (

 const (
 	caTTL         = time.Hour * 24 * 365 * 10 // 10 year
-	tlsECDSACurve = "P256"                    // This curve is the default that ArangoDB accepts and plenty strong
+	tlsECDSACurve = "P384"                    // P256                    // This curve is the default that ArangoDB accepts and plenty strong
 )

 // createCACertificate creates a CA certificate and stores it in a secret with name