Use ECDSA(P-256) instead of RSA for Pages Let's Encrypt Integration (!88125) · Merge requests · GitLab.org / GitLab

Vishal Tak requested to merge pages-lets-encrypt-ecdsa into master May 20, 2022

What does this MR do and why?

As per the benchmarking results in https://gitlab.com/gitlab-org/gitlab/-/issues/361168#note_933171008 , it was noticed that using ECDSA(P-256) is much more efficient than using RSA for generating Let's Encrypt Certificates for Pages and the resulting TLS handshake. It would result in performance boost and would help us in avoiding multiple production issues where the CPU is saturated while performing TLS Handshake.

Fixes https://gitlab.com/gitlab-org/gitlab/-/issues/361168

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jun 01, 2022 by Vishal Tak

Use ECDSA(P-256) instead of RSA for Pages Let's Encrypt Integration

What does this MR do and why?

MR acceptance checklist

Merge request reports