config/tls: Updated TLS cipher string to include ECDSA ciphers

This was a miss when redpanda-data#19792 landed. Only RSA based cipher strings were included in the list. This wasn't caught because our integration tests only use RSA based certificates. Also this may have taken some time for customers to find as this bug didn't effect TLSv1.3. Signed-off-by: Michael Boquard <michael@redpanda.com> (cherry picked from commit f0c141b)
vbotbuildovich · Nov 20, 2024 · cceb2a1 · cceb2a1
1 parent 151c85d
commit cceb2a1
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/v/config/tls_config.h b/src/v/config/tls_config.h
@@ -62,9 +62,11 @@ struct p12_container {
 using key_cert_container = std::variant<key_cert, p12_container>;
 
 inline constexpr std::string_view tlsv1_2_cipher_string
-  = "ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
-    "AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:AES128-"
-    "SHA:AES128-CCM:ECDHE-RSA-AES256-SHA:AES256-SHA:AES256-CCM";
+  = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-"
+    "SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:AES256-"
+    "GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:"
+    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES128-SHA:AES128-CCM:ECDHE-"
+    "RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES256-SHA:AES256-CCM";
 
 inline constexpr std::string_view tlsv1_3_ciphersuites
   = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_"