Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-19505

Expose attributes to configure SNI per cluster for HotRod TLS handshake

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Critical Critical
    • 36.0.0.Beta1
    • 32.0.1.Final
    • Clustering
    • None
    • ---
    • ---

      Currently, the remote-cache-container tries to auto-configure the SNI host name for the remote servers of a cluster via the source address of the socket bindings - and only when possible, is hostname validation enabled.  In retrospect, this would only ever work if all cluster members were colocated.

      Given that a SNI host names need not correspond to real hostnames, we should decouple this configuration from the outbound-socket-binding and instead expose a configuration attribute per cluster, and only if set, auto-enable hostname validation.

              pferraro@redhat.com Paul Ferraro
              pferraro@redhat.com Paul Ferraro
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: