[
https://issues.apache.org/jira/browse/HADOOP-16718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siyao Meng updated HADOOP-16718:
--------------------------------
Description:
As of now, {{createHttpsChannelConnector()}} enables SNI by default with Jetty:
{code}
private ServerConnector createHttpsChannelConnector(
Server server, HttpConfiguration httpConfig) {
httpConfig.setSecureScheme(HTTPS_SCHEME);
httpConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector conn = createHttpChannelConnector(server, httpConfig);
{code}
with the default constructor without any parameters automatically setting
{{sniHostCheck}} to {{true}}:
{code}
public SecureRequestCustomizer()
{
this(true);
}
{code}
Proposal: We should make this configurable and probably default this to false.
Credit: Aravindan Vijayan
was:
As of now, {{createHttpsChannelConnector()}} enables SNI by default with the
Jetty:
{code}
private ServerConnector createHttpsChannelConnector(
Server server, HttpConfiguration httpConfig) {
httpConfig.setSecureScheme(HTTPS_SCHEME);
httpConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector conn = createHttpChannelConnector(server, httpConfig);
{code}
with the default constructor without any parameters automatically setting
{{sniHostCheck}} to {{true}}:
{code}
public SecureRequestCustomizer()
{
this(true);
}
{code}
Proposal: We should make this configurable and probably default this to false.
Credit: Aravindan Vijayan
> Allow disabling Server Name Indication (SNI) for Jetty
> ------------------------------------------------------
>
> Key: HADOOP-16718
> URL: https://issues.apache.org/jira/browse/HADOOP-16718
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Siyao Meng
> Priority: Major
>
> As of now, {{createHttpsChannelConnector()}} enables SNI by default with
> Jetty:
> {code}
> private ServerConnector createHttpsChannelConnector(
> Server server, HttpConfiguration httpConfig) {
> httpConfig.setSecureScheme(HTTPS_SCHEME);
> httpConfig.addCustomizer(new SecureRequestCustomizer());
> ServerConnector conn = createHttpChannelConnector(server, httpConfig);
> {code}
> with the default constructor without any parameters automatically setting
> {{sniHostCheck}} to {{true}}:
> {code}
> public SecureRequestCustomizer()
> {
> this(true);
> }
> {code}
> Proposal: We should make this configurable and probably default this to false.
> Credit: Aravindan Vijayan
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
