config/tls: Updated TLS cipher string to include ECDSA ciphers

This was a miss when redpanda-data#19792 landed. Only RSA based cipher strings were included in the list. This wasn't caught because our integration tests only use RSA based certificates. Also this may have taken some time for customers to find as this bug didn't effect TLSv1.3. Signed-off-by: Michael Boquard <michael@redpanda.com>
michael-redpanda · Nov 20, 2024 · f0c141b · f0c141b
1 parent 8d491f3
commit f0c141b
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/v/config/tls_config.h b/src/v/config/tls_config.h
@@ -62,9 +62,11 @@ struct p12_container {
 using key_cert_container = std::variant<key_cert, p12_container>;
 
 inline constexpr std::string_view tlsv1_2_cipher_string
-  = "ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
-    "AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:AES128-"
-    "SHA:AES128-CCM:ECDHE-RSA-AES256-SHA:AES256-SHA:AES256-CCM";
+  = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-"
+    "SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:AES256-"
+    "GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:"
+    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES128-SHA:AES128-CCM:ECDHE-"
+    "RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES256-SHA:AES256-CCM";
 
 inline constexpr std::string_view tlsv1_3_ciphersuites
   = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_"