Why doesn't AWS API Gateway mTLS support secp521r1?

0

When implementing mTLS for an HTTP API in API Gateway and adding a trust store with all CA chains, I was surprised to see a warning that API Gateway doesn't support secp521r1 ECC ciphers.

Is there a reason why this isn't supported in API Gateway mTLS configuration but is supported in ALB mTLS configuration (based on docs)?

1 Answer
0

The reason AWS API Gateway doesn’t support the secp521r1 ECC curve for mTLS while ALB does likely comes down to differences in their underlying cryptographic libraries and configurations. API Gateway and ALB have distinct implementations and support different sets of cryptographic standards, which can lead to such discrepancies. API Gateway's current setup might not include secp521r1, whereas ALB supports a broader range of algorithms. If secp521r1 support is essential for you, considering alternative solutions or using ALB might be necessary.

EXPERT
answered a month ago
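A pre-upload check for the trust store bundle described in the question, as an added example that is not part of the original post or AWS code: it reports which certificates in a PEM bundle carry a secp521r1 public key, so the chains that trigger the warning can be identified. It is a heuristic byte-level look at the key's AlgorithmIdentifier rather than a full ASN.1 parse; the function names and the sample bundle (constructed stubs, not real certificates) are assumptions.

```python
import base64
import re

# DER encodings (tag 0x06, length, body) of the namedCurve OIDs.
CURVE_OIDS = {
    "secp256r1": bytes.fromhex("06082a8648ce3d030107"),  # 1.2.840.10045.3.1.7
    "secp384r1": bytes.fromhex("06052b81040022"),        # 1.3.132.0.34
    "secp521r1": bytes.fromhex("06052b81040023"),        # 1.3.132.0.35
}
# id-ecPublicKey (1.2.840.10045.2.1); in SubjectPublicKeyInfo the curve OID
# follows it directly as the algorithm parameters.
EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def curves_in_bundle(pem_text):
    """Return one entry per PEM block: a curve name or 'non-EC/unknown'."""
    found = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        curve = "non-EC/unknown"
        pos = der.find(EC_PUBLIC_KEY)
        if pos != -1:
            params = der[pos + len(EC_PUBLIC_KEY):]
            for name, oid in CURVE_OIDS.items():
                if params.startswith(oid):
                    curve = name
        found.append(curve)
    return found


def p521_indexes(pem_text):
    """Zero-based positions of bundle entries whose key is on secp521r1."""
    return [i for i, c in enumerate(curves_in_bundle(pem_text))
            if c == "secp521r1"]


def _stub(curve_oid):
    # Constructed sample: only the key's AlgorithmIdentifier, not a real cert.
    alg = EC_PUBLIC_KEY + curve_oid
    der = bytes([0x30, len(alg)]) + alg
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


SAMPLE_BUNDLE = _stub(CURVE_OIDS["secp256r1"]) + _stub(CURVE_OIDS["secp521r1"])

if __name__ == "__main__":
    print(curves_in_bundle(SAMPLE_BUNDLE), p521_indexes(SAMPLE_BUNDLE))
```

To check a real bundle, pass the text of the PEM file to `p521_indexes` in place of `SAMPLE_BUNDLE`.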
