[
https://issues.apache.org/jira/browse/DISPATCH-2259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ken Giusti updated DISPATCH-2259:
---------------------------------
Fix Version/s: (was: 1.18.0)
1.17.1
> server_name set by Dispatch Router contains illegal characters
> --------------------------------------------------------------
>
> Key: DISPATCH-2259
> URL: https://issues.apache.org/jira/browse/DISPATCH-2259
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Router Node
> Affects Versions: 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.16.1
> Reporter: Kai Hudalla
> Priority: Major
> Fix For: 1.17.1
>
>
> When the dispatch router is configured with an Auth Server Plugin that should
> be accessed via a TLS connection, then the router includes the TLS Server
> Name Indication extension ([https://datatracker.ietf.org/doc/html/rfc6066])
> in its TLS ServerHello message but sets the host_name to a value that is not
> a domain name as mandated by the RFC. Instead, it sets the host_name to a
> combination of the server name and the port configured for the Auth Server
> Plugin. So, for Auth Server Plugin configuration
> ["authServicePlugin",
> { "name": "My Auth Server", "host": "my-auth-server.host}
> ",
> "port": 5671,
> "sslProfile": "external"
> }]
> the host_name set in the server_name extension is
> my-auth-server.host:5671
> which is not a valid domain name.
> The TLS implementation that comes with Java 17 will fail the TLS handshake
> with the dispatch router due to an illegal character in the host_name.
> I believe that this problem may also arise with other outbound connections
> that the router creates.
> FMPOV the port suffix simply needs to be removed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
