Increase size of documented gossip encryption key size #6244
Assignees
Labels
type/docs
Documentation needs to be created/updated/clarified
type/enhancement
Proposed improvement or new feature
Comments
freddygv
added
type/enhancement
|
Will be in upcoming release, closing. |
|
@freddygv - There is no referenced PR here. Where was this added? |
|
I was able to locate this in #6388. That commit SHA doesn't seem to be present in any PRs other than this one. |
|
Thanks everyone. I really appreciate it. I’m sure this will help others who are wondering the same thing in the future. |
|
Hey there, This issue has been automatically locked because it is closed and there hasn't been any activity for at least 30 days. If you are still experiencing problems, or still have questions, feel free to open a new one 👍. |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently Consul's docs state that gossip encryption keys must be 16 bytes long. However, the underlying
memberlistlibrary, allows for 16, 24, and 32 byte keys (supporting AES 128, 192, and 256).Consul should move the default key size to 32 bytes so that gossiped messages are encrypted with AES 256. This would be an improvement for users who expect or require AES 256 to encrypt their data.
Currently AES 256 is supported for gossip encryption, but it's not documented. This proposal is to change the default in the key generator as well as the related documentation and tests.
Lastly, Consul would continue to allow 16-byte gossip encryption keys. These would no longer be generated by the
keygencommand.The text was updated successfully, but these errors were encountered: