Hello Mario,

I would like to see if having a custom security provider allows you to configure the default SSL context to set the SNI.

From your proposal, I see that you have implemented a Java Security Provider to provide a custom KeyManager implementation which distinguishes certificates based on which wan-site the peer client is connecting to. How are you configuring this security provider? I am assuming you have some bootstrapping code that inserts your security provider before launching Geode, and also sets the gemfire property `ssl-use-default-context` to true to let Geode use the default SSL context. Can this bootstrapping code create and configure an SSL context with SNI and set it as the default context before launching Geode?

This may appear as a workaround, but the rationale behind `ssl-use-default-context` is to delegate to the external environment the configuration of the SSL context in the required manner and let Geode just use it.

Sai

On Tue, Nov 19, 2019 at 3:27 AM Mario Ivanac <mario.iva...@est.tech> wrote:

> Hi geode dev,
>
> as a part of the solution for https://issues.apache.org/jira/browse/GEODE-7414
> we would like to introduce a new config property "ssl-server-name-extension".
>
> This property will contain a generic string, which will be added as the Server
> Name Indication (SNI) parameter to the Client Hello message.
>
> Do you agree with this proposal?
>
> Thanks,
> Mario
>
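A sketch of the bootstrapping approach asked about in the reply above, as an added example that is not code from this thread or from Geode: it wraps the JVM's default `SSLContext` so that every `SSLEngine` it creates carries a fixed SNI name, then installs the wrapper as the default. The class name `SniDefaultContext`, the sample host name, and the premise that the consumer obtains its TLS engines through `createSSLEngine` on the default context are assumptions; sockets from the socket factory are passed through unchanged, and `SNIHostName` only accepts valid host names, not arbitrary strings.

```java
import java.security.KeyManagementException;
import java.security.SecureRandom;
import java.util.Collections;
import javax.net.ssl.*;
/** Added example (hypothetical class): default SSLContext whose engines send a fixed SNI name. */
public final class SniDefaultContext {
  /** Delegating SPI: every SSLEngine handed out gets the SNI server name applied. */
  static final class SniSpi extends SSLContextSpi {
    private final SSLContext delegate;
    private final SNIServerName sni;

    SniSpi(SSLContext delegate, String serverName) {
      this.delegate = delegate;
      this.sni = new SNIHostName(serverName); // throws if the name is not a valid host name
    }

    private SSLEngine withSni(SSLEngine engine) {
      SSLParameters params = engine.getSSLParameters();
      params.setServerNames(Collections.singletonList(sni)); // only used in client mode
      engine.setSSLParameters(params);
      return engine;
    }

    @Override protected void engineInit(KeyManager[] km, TrustManager[] tm, SecureRandom sr)
        throws KeyManagementException { delegate.init(km, tm, sr); }
    @Override protected SSLEngine engineCreateSSLEngine() { return withSni(delegate.createSSLEngine()); }
    @Override protected SSLEngine engineCreateSSLEngine(String host, int port) {
      return withSni(delegate.createSSLEngine(host, port));
    }
    // Socket factories are passed through unchanged; sockets would need the same wrapping.
    @Override protected SSLSocketFactory engineGetSocketFactory() { return delegate.getSocketFactory(); }
    @Override protected SSLServerSocketFactory engineGetServerSocketFactory() { return delegate.getServerSocketFactory(); }
    @Override protected SSLSessionContext engineGetServerSessionContext() { return delegate.getServerSessionContext(); }
    @Override protected SSLSessionContext engineGetClientSessionContext() { return delegate.getClientSessionContext(); }
  }

  /** Call from bootstrap code before the application first asks for the default context. */
  public static void install(String serverName) throws Exception {
    SSLContext base = SSLContext.getDefault(); // already initialised from the JVM's javax.net.ssl.* settings
    SSLContext wrapped = new SSLContext(new SniSpi(base, serverName), base.getProvider(), base.getProtocol()) {};
    SSLContext.setDefault(wrapped);
  }

  public static void main(String[] args) throws Exception {
    install("site-a.example.com"); // constructed sample name
    SSLEngine engine = SSLContext.getDefault().createSSLEngine();
    engine.setUseClientMode(true);
    System.out.println(engine.getSSLParameters().getServerNames());
  }
}
```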