External TLS Session Cache #5577

Open
guydc opened this issue Nov 16, 2021 · 1 comment

guydc commented Nov 16, 2021

Is your feature request related to a problem? Please describe.
TLS supports session resumption to improve performance. Envoy uses an in-memory TLS session cache. There are several consequences:

  • When running Gloo Edge in HA mode, TLS session resumption can fail. When a client performs a TLS handshake with a certain envoy instance and then attempts to resume the session with a different instance, the resumption will fail.
  • Sessions are not persistent across Gateway-Proxy pod restarts (evictions, rollout, etc.), which can also lead to resumption failure.

Describe the solution you'd like
An External TLS Session cache can solve this problem.

Describe alternatives you've considered
Using Session Tickets appears to be a better approach, as only the ticket private keys need to be shared by the envoy instances. However, Session Tickets may not be supported by all clients.

Additionally, the session cache should support configuration of cache record timeouts and maximum number of cached sessions.

Additional context
The same issue was already raised in the envoy project: envoyproxy/envoy#14553.

@guydc guydc added the Type: Enhancement New feature or request label Nov 16, 2021
@chrisgaun chrisgaun modified the milestone: Caching Jan 14, 2022
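The behaviour described in the issue, as an added example that is not code from Gloo Edge or Envoy: a model of two proxy replicas showing why resumption fails with per-instance caches and succeeds with a shared one, with the requested record timeout and maximum session count. The `SessionCache`, `Proxy` and `resumes_on_other_replica` names are hypothetical, and no real TLS handshake is performed.

```python
import secrets
from collections import OrderedDict

class SessionCache:
    """Bounded session cache: per-record timeout plus a maximum entry count."""
    def __init__(self, ttl_seconds, max_sessions, clock):
        self.ttl, self.max, self.clock = ttl_seconds, max_sessions, clock
        self._store = OrderedDict()  # session_id -> (secret, expiry time)

    def put(self, session_id, secret):
        self._store[session_id] = (secret, self.clock() + self.ttl)
        self._store.move_to_end(session_id)
        while len(self._store) > self.max:
            self._store.popitem(last=False)  # evict least recently used

    def get(self, session_id):
        entry = self._store.get(session_id)
        if entry is None:
            return None
        secret, expiry = entry
        if self.clock() >= expiry:
            del self._store[session_id]  # expired: client needs a full handshake
            return None
        self._store.move_to_end(session_id)
        return secret

class Proxy:
    """Stand-in for one proxy replica (assumption: session state is an opaque secret)."""
    def __init__(self, cache):
        self.cache = cache

    def full_handshake(self):
        session_id, secret = secrets.token_hex(16), secrets.token_bytes(48)
        self.cache.put(session_id, secret)
        return session_id

    def resume(self, session_id):
        return self.cache.get(session_id) is not None

def resumes_on_other_replica(shared, ttl=300, max_sessions=1000):
    """Handshake on replica A, then try to resume on replica B."""
    now = [0.0]  # constructed clock so the model is deterministic
    clock = lambda: now[0]
    cache_a = SessionCache(ttl, max_sessions, clock)
    cache_b = cache_a if shared else SessionCache(ttl, max_sessions, clock)
    a, b = Proxy(cache_a), Proxy(cache_b)
    return b.resume(a.full_handshake())
```

A shared cache holds the secrets of resumable sessions, so the store and the path to it need confidentiality and access control comparable to the TLS private key.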

github-actions bot commented Jun 2, 2024

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.

@github-actions github-actions bot added the stale Issues that are stale. These will not be prioritized without further engagement on the issue. label Jun 2, 2024