From fe308fa867b0c6238edbb2027d3e838ff1bd9505 Mon Sep 17 00:00:00 2001
From: richardsonnick
Date: Tue, 30 Sep 2025 13:10:49 +0000
Subject: [PATCH 1/2] Add: Support for specifying elliptic curves in TLS handshake

---
 config/v1/types_tlssecurityprofile.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go
index b18ef647c2f..2800f6117c2 100644
--- a/config/v1/types_tlssecurityprofile.go
+++ b/config/v1/types_tlssecurityprofile.go
@@ -213,6 +213,14 @@ type TLSProfileSpec struct {
 //
 // +listType=atomic
 Ciphers []string `json:"ciphers"`
+ // curves is used to specify the elliptic curves that are used during
+ // the TLS handshake. Operators may remove entries their operands do
+ // not support. For example, to use X25519 and P-256 (yaml):
+ //
+ // curves:
+ // - X25519
+ // - P-256
+ Curves []string `json:"curves.omitempty"`
 // minTLSVersion is used to specify the minimal version of the TLS protocol
 // that is negotiated during the TLS handshake. For example, to use TLS
 // versions 1.1, 1.2 and 1.3 (yaml):

From 93fe07b1d3f9435b9b98c9d7a2170def362d534b Mon Sep 17 00:00:00 2001
From: Nicholas Richardson
Date: Thu, 2 Oct 2025 14:47:35 -0400
Subject: [PATCH 2/2] Update config/v1/types_tlssecurityprofile.go

Co-authored-by: Bryce Palmer
---
 config/v1/types_tlssecurityprofile.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go
index 2800f6117c2..f4f94863d0b 100644
--- a/config/v1/types_tlssecurityprofile.go
+++ b/config/v1/types_tlssecurityprofile.go
@@ -220,7 +220,7 @@ type TLSProfileSpec struct {
 // curves:
 // - X25519
 // - P-256
- Curves []string `json:"curves.omitempty"`
+ Curves []string `json:"curves,omitempty"`
 // minTLSVersion is used to specify the minimal version of the TLS protocol
 // that is negotiated during the TLS handshake. For example, to use TLS
 // versions 1.1, 1.2 and 1.3 (yaml):
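Review bot: The new `Curves` field is a free-form `[]string` with no API markers or validation, unlike `Ciphers` directly above it, which is declared `+listType=atomic`. I would add `// +optional` and `// +listType=atomic` above `Curves`, and consider a bound such as `// +kubebuilder:validation:MaxItems=<limit>` so malformed input is rejected at admission rather than surfacing as a handshake failure. The comment should also say what an omitted or empty list means (presumably the operand's TLS library defaults, to be confirmed), whether list order expresses preference, and which naming scheme is expected, since the same curve is commonly written `P-256`, `secp256r1` or `prime256v1`. Because the comment lets operators drop entries their operands do not support, the effective curve set can differ silently from the configured one; the doc should require operands to report what they dropped. The `TLSProfileSpec` struct starts and ends outside this hunk.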
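Review bot: The tag is corrected only in this second patch, so patch 1 on its own still serializes the field under the literal key `curves.omitempty` with no omit-empty behaviour. Squashing this change into patch 1 would keep every commit in the series safe to bisect or backport. Both patches touch only `types_tlssecurityprofile.go`, so if this repository checks in generated deepcopy, OpenAPI or CRD output, that output presumably still needs regenerating from the corrected tag; confirm before merging.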