https://bz.apache.org/bugzilla/show_bug.cgi?id=57108
--- Comment #12 from Mark Thomas <ma...@apache.org> ---

Keeping the config at the connector level is probably the way to go. There are weird and wonderful configuration possibilities like one Connector on one interface with one set of certs for internal users and another connector on another interface with another set of certs for external users that share the same hosts.

I think we should keep the TLS cert <-> host name mapping completely independent from the Host <-> host name mapping. Most folks will have them aligned but some will want to do something different. Using <Alias>...</Alias> should allow some config copy/paste for those that want to.

SNI is mandatory for HTTP/2 so this has just jumped to the top of my TODO list. I'm thinking along the lines of the configuration style in comment #7.

I've also been thinking about trying to merge the JSSE and OpenSSL configuration attributes. I'm not sure if it will work but the idea is to deprecate setting these on the connector and add a defaultTLSAlias="" element to the Connector that references the cert to use if nothing else matches. If the existing configuration attributes are used on the Connector then they are mapped to a TLSAlias element with a pre-defined name (probably default or something similar), along with a deprecated config warning.

I don't know how feasible this merging plan is but if it works, in addition to simpler config, it should allow further simplification of the Http11*Protocol implementations.