
Commit 9ed1c79

committed
Use ecdsa instead of rsa for webhooks
Performance of RSA was so shit I couldn't run anything
1 parent fe62581 commit 9ed1c79


1 file changed

+13
-6
lines changed

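--- a/crates/stackable-webhook/src/tls.rs
+++ b/crates/stackable-webhook/src/tls.rs
@@ -8,7 +8,11 @@ use hyper::{body::Incoming, service::service_fn};
 use hyper_util::rt::{TokioExecutor, TokioIo};
 use opentelemetry::trace::{FutureExt, SpanKind};
 use snafu::{ResultExt, Snafu};
-use stackable_certs::{CertificatePairError, ca::CertificateAuthority, keys::rsa};
+use stackable_certs::{
+CertificatePairError,
+ca::{CertificateAuthority, DEFAULT_CA_VALIDITY_SECONDS},
+keys::ecdsa,
+};
 use stackable_operator::time::Duration;
 use tokio::net::TcpListener;
 use tokio_rustls::{
@@ -44,12 +48,12 @@ pub enum Error {
 
 #[snafu(display("failed to encode leaf certificate as DER"))]
 EncodeCertificateDer {
-source: CertificatePairError<rsa::Error>,
+source: CertificatePairError<ecdsa::Error>,
 },
 
 #[snafu(display("failed to encode private key as DER"))]
 EncodePrivateKeyDer {
-source: CertificatePairError<rsa::Error>,
+source: CertificatePairError<ecdsa::Error>,
 },
 
 #[snafu(display("failed to set safe TLS protocol versions"))]
@@ -103,10 +107,13 @@ impl TlsServer {
 // See https://docs.rs/tokio/latest/tokio/task/fn.spawn_blocking.html
 let task = tokio::task::spawn_blocking(move || {
 let mut certificate_authority =
-CertificateAuthority::new_rsa().context(CreateCertificateAuthoritySnafu)?;
-
+CertificateAuthority::new_ecdsa().context(CreateCertificateAuthoritySnafu)?;
 let leaf_certificate = certificate_authority
-.generate_rsa_leaf_certificate("Leaf", "webhook", Duration::from_secs(3600))
+.generate_ecdsa_leaf_certificate(
+"Leaf",
+"webhook",
+Duration::from_secs(DEFAULT_CA_VALIDITY_SECONDS),
+)
 .context(GenerateLeafCertificateSnafu)?;
 
 let certificate_der = leaf_certificate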
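Review bot: The leaf certificate's validity in the `generate_ecdsa_leaf_certificate` call changes from `Duration::from_secs(3600)` to `Duration::from_secs(DEFAULT_CA_VALIDITY_SECONDS)`, which the commit message (an RSA-to-ECDSA switch for performance) does not mention. The constant's value is not visible here, but by its name it is the CA's default lifetime, so the webhook's serving key presumably stays valid much longer than one hour and for as long as the CA that signed it; a longer-lived leaf key extends the time a leaked key remains usable. If the longer lifetime is intended, I would give the leaf its own named constant with a comment stating the rotation expectation, e.g. `// Leaf validity: shorter than the CA's, long enough to cover the interval between certificate rotations`; otherwise keep `Duration::from_secs(3600)`. The enclosing `spawn_blocking` closure and the `TlsServer` method start and end outside this hunk, so whether the certificate is ever regenerated cannot be judged from here.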
