On Tue, Aug 14, 2018 at 7:47 AM Sai Boorlagadda <sai_boorlaga...@apache.org> wrote:
> Geode currently does not implement hostname verification and is probably > not required per TLS spec. But it can be supported on TLS as an additional > check. The new proposed[1] implementation to use the default SSL context > could cause certain man-in-the-middle attacks possible if there is no > hostname verification. The current SSL implementation is also susceptible to man-in-the-middle as well. This proposal is really independent of those proposed changes. > This is a proposal to add a new boolean SSL property > `ssl-enable-endpoint-identification` which enables hostname verification > for secure connections. Are you proposing that we ship a custom trust manager that verifies hosts on all TLS connections? I would rather shy away from yet another confusing SSL property. Is there a proposed why for consumers to provide their own trust manager and host verification process? If so, I assume that is yet another property, can we merge those properties somehow? At this point with all theses system properties can we come up with a better way to configure SSL? -Jake
