geode-dev mailing list archives

From Dan Smith <dsm...@pivotal.io>
Subject Re: Proposal of new config property "ssl-server-name-extension"
Date Tue, 19 Nov 2019 21:17:54 GMT
Can you clarify which connections will use this ssl-server-name-extension
as part of the Client Hello? Client to locator, client to server, server to
server, WAN site to WAN site, ... all of the above?

I'm fine with adding the new property.

At some point, I think we need to think about making it easier to plug in
custom logic to control the entire socket creation and TLS handshake. I
think technically you can take over the whole process if you set the
ssl-use-default-context property and then configure the default SSLContext
for your entire process, but that is not ideal.

-Dan

On Tue, Nov 19, 2019 at 8:24 AM Charlie Black <cblack@pivotal.io> wrote:

> I have read the e-mail and the ticket, but I am not sure how this field is going
> to be used. Maybe you can expand on the intent of this field.
>
> From the property "ssl-server-name-extension" it feels like we are
> intending to correlate with something presented in the SSL certificate.
> It would be great if that was explained plainly for the reader in more
> detail.
>
> For now I can only -1.
>
> Charlie
>
> On Tue, Nov 19, 2019 at 3:27 AM Mario Ivanac <mario.ivanac@est.tech>
> wrote:
>
> > Hi geode dev,
> >
> > as part of the solution for
> > https://issues.apache.org/jira/browse/GEODE-7414
> > we would like to introduce a new config property
> > "ssl-server-name-extension".
> >
> > This property will contain a generic string, which will be added as the Server
> > Name Indication (SNI) parameter to the Client Hello message.
> >
> > Do you agree with this proposal?
> >
> > Thanks,
> > Mario
> >
>
>
> --
> Charlie Black | cblack@pivotal.io
>
