Re: Proposal of new config property "ssl-server-name-extension"

2019-11-24 Thread Sai Boorlagadda
Hello Mario, I would like to see if having a custom security provider allows you to configure the default SSL context to set the SNI? From your proposal, I see that you have implemented a Java Security Provider to provide custom KeyManager implementation which distinguishes certificate based on

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-20 Thread Ivan Godwin
Thank you for the reference to the other thread, Jens. I hope my questions aren't too late in the process. Mario, are there any limitations that should be understood about the types of certificates used or how they're generated? Do you have the freedom to use certificate chaining and have the root

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-20 Thread Jens Deppe
This thread contains more background on the reasons for this proposal: https://lists.apache.org/thread.html/2418dd1b5f9ae812daa48a51a8d2eb252a3c861a890264f47da3a4d3@%3Cdev.geode.apache.org%3E On Wed, Nov 20, 2019 at 10:46 AM Ivan Godwin wrote: > I've reviewed the PR and I believe I understand th

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-20 Thread Ivan Godwin
I've reviewed the PR and I believe I understand the use case, but I feel a bit uncomfortable with the misuse of SNI. As I understand it, and as it has been already mentioned, SNI is used to determine which SSL certificate should be presented to a client. I think that CLIENT_HELLO_EXTENSION should

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Jens Deppe
I'd like to add my comment from the original PR here again: Although I support the particular use case, I would prefer the implementation being a bit more abstracted. Specifically, if we provided an extension point which would allow modification of SSLParameters then we wouldn't be coupling to a

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Dan Smith
Can you clarify which connections will use this ssl-server-name-extension as part of the Client Hello? client to locator, client to server, server to server, WAN site to WAN site, ... all of the above? I'm fine with adding the new property. At some point, I think we need to think about making it

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Charlie Black
I have read the e-mail and the ticket, and I am not sure how this field is going to be used. Maybe you can expand on the intent of this field. From the property "ssl-server-name-extension" it feels like we are intending to correlate with something presented in the SSL certificate. It would be great

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Bruce Schuchardt
+1 On 11/19/19 3:26 AM, Mario Ivanac wrote: Hi geode dev, as a part of the solution for https://issues.apache.org/jira/browse/GEODE-7414 we would like to introduce a new config property "ssl-server-name-extension". This property will contain a generic string, which will be added as Server Name Indica