Can you clarify which connections will use this ssl-server-name-extension as part of the Client Hello? client to locator, client to server, server to server, WAN site to WAN site, ... all of the above?
I'm fine with adding the new property. At some point, I think we need to think about making it easier to plug in custom logic to control the entire socket creation and TLS handshake. I think technically you can take over the whole process if you set the ssl-use-default-context property and then configure the default SSLContext for your entire process, but that is not ideal. -Dan On Tue, Nov 19, 2019 at 8:24 AM Charlie Black <cbl...@pivotal.io> wrote: > I have read the e-mail and the ticket I am not sure how this field is going > to be used. Maybe you can expand on the intent of this field. > > From the property "ssl-server-name-extension" it feels like we are > intending to correlate with something presented in the SSL certificate. > It would be great if that was explained plainly for the reader in more > detail. > > For now I can only -1. > > Charlie > > On Tue, Nov 19, 2019 at 3:27 AM Mario Ivanac <mario.iva...@est.tech> > wrote: > > > Hi geode dev, > > > > as a part of solution for > https://issues.apache.org/jira/browse/GEODE-7414 > > we would like to introduce new config property > "ssl-server-name-extension". > > > > This property will contain generic string, which will be added as Server > > Name Indication (SNI) parameter to Client Hello message. > > > > Do you agree with this proposal? > > > > Thanks, > > Mario > > > > > -- > Charlie Black | cbl...@pivotal.io >
