Hi,

as described before:

This property will contain generic string, which will be added as Server Name 
Indication (SNI) parameter to ClientHello message.
ClientHello message is part of SSL handshake.

Mario
________________________________
Šalje: Charlie Black <cbl...@pivotal.io>
Poslano: 19. studenog 2019. 18:20
Prima: Mario Ivanac <mario.iva...@est.tech>
Kopija: dev@geode.apache.org <dev@geode.apache.org>
Predmet: Re: Odg: Proposal of new config property "ssl-server-name-extension"

The SSL handshake is done before the Geode handshake.    So additions to the 
Geode handshake protocol will not affect SSL connections since the secure 
socket connection has already been negotiated and the Geode handshake is 
encrypted.

Charlie

On Tue, Nov 19, 2019 at 9:06 AM Mario Ivanac <mario.iva...@est.tech> wrote:
Hi all,

this proposal and ticket are result of mail discussion "Special certificates 
for multisite":

https://lists.apache.org/thread.html/2418dd1b5f9ae812daa48a51a8d2eb252a3c861a890264f47da3a4d3@%3Cdev.geode.apache.org%3E<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.apache.org_thread.html_2418dd1b5f9ae812daa48a51a8d2eb252a3c861a890264f47da3a4d3-40-253Cdev.geode.apache.org-253E&d=DwMF-g&c=lnl9vOaLMzsy2niBC8-h_K-7QJuNJEsFrzdndhuJ3Sw&r=TeO8Y4MHxN-HWthX0kIhmTbHjxbnon-82BZ-g9Q6TDI&m=GG4kW5SuTjSCV707Igt5WbMQyay_8vOtB9nH8cLBgAM&s=PjLj2CJYNHbQUiMKrd-FKMqwbuxVERJifxQWpM4HM8k&e=>


BR,
Mario
________________________________
Šalje: Charlie Black <cbl...@pivotal.io<mailto:cbl...@pivotal.io>>
Poslano: 19. studenog 2019. 17:24
Prima: dev@geode.apache.org<mailto:dev@geode.apache.org> 
<dev@geode.apache.org<mailto:dev@geode.apache.org>>
Predmet: Re: Proposal of new config property "ssl-server-name-extension"

I have read the e-mail and the ticket I am not sure how this field is going
to be used.   Maybe you can expand on the intent of this field.

>From the property "ssl-server-name-extension" it feels like we are
intending to correlate with something presented in the SSL certificate.
It would be great if that was explained plainly for the reader in more
detail.

For now I can only -1.

Charlie

On Tue, Nov 19, 2019 at 3:27 AM Mario Ivanac <mario.iva...@est.tech> wrote:

> Hi geode dev,
>
> as a part of solution for 
> https://issues.apache.org/jira/browse/GEODE-7414<https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_GEODE-2D7414&d=DwMF-g&c=lnl9vOaLMzsy2niBC8-h_K-7QJuNJEsFrzdndhuJ3Sw&r=TeO8Y4MHxN-HWthX0kIhmTbHjxbnon-82BZ-g9Q6TDI&m=GG4kW5SuTjSCV707Igt5WbMQyay_8vOtB9nH8cLBgAM&s=4h7HHiRlRX_Cw8mVGuVfzHgfUbKul07BjaV1CVE3_H8&e=>
> we would like to introduce new config property "ssl-server-name-extension".
>
> This property will contain generic string, which will be added as Server
> Name Indication (SNI) parameter to Client Hello message.
>
> Do you agree with this proposal?
>
> Thanks,
> Mario
>


--
Charlie Black | cbl...@pivotal.io<mailto:cbl...@pivotal.io>


--
Charlie Black | cbl...@pivotal.io<mailto:cbl...@pivotal.io>

Reply via email to