+1
> On Mar 18, 2020, at 4:13 PM, Dan Smith <dsm...@pivotal.io> wrote:
>
> One addendum to this proposal:
>
> This proposed method of configuring a SNI proxy server requires that the
> client sends the SNI hostname as part of the TLS handshake. In the previous
> proposal we suggested it would only be sent if a SNI Proxy is configured.
> Now we propose that a geode client will *always* send the SNI hostname when
> it initiates a TLS connection to a locator or server.
>
> This will help us implement the SniSocketFactory. It may also help with
> other use cases such as presenting different SSL certificates for different
> hostnames, which is the original reason this SNI hostname is part of TLS.
> The SSLParameterExtension will still take precedence, so I think this
> should not break the original use case for SSLParameterExtension [1]
>
> -Dan
>
> [1]
> https://lists.apache.org/thread.html/0e08a5d0a480115ace6412e16ad45023adf0c29406ec2095a4d19d30%40%3Cdev.geode.apache.org%3E
>
> On Mon, Mar 16, 2020 at 3:33 PM Dan Smith <dsm...@pivotal.io> wrote:
>
>> Hi all,
>>
>> A new RFC is up for this feature
>> https://cwiki.apache.org/confluence/display/GEODE/Client+side+configuration+for+a+SNI+proxy.
>>
>>
>> Please review and comment by this Friday, 3/20/2020.
>>
>> This hopefully addresses some of the concerns with the previous RFC for
>> this feature. The new proposal is for a more general SocketFactory property
>> that users can implement, along the lines of what Jake and Owen suggested.
>>
>> -Dan
>>
