[
https://issues.apache.org/jira/browse/NIFI-14858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lars Francke updated NIFI-14858:
--------------------------------
Description:
As of NiFi 2.0 SNI certificates are required and the host must match.
This is a problem for us (and others) when there is for example a load balancer
in front which does not match the host name of NiFi.
Instead of disabling the SNI check by default this makes it configurable.
I propose introducing two new configuration properties:
* nifi.web.https.sni.required (whether a SNI certificate is required)
* nifi.web.https.sni.host.check (whether to check the Host from the SNI
certificate against the incoming request)
was:
As of NiFi 2.0 SNI certificates are required and the host must match.
This is a problem for us (and others) when there is for example a load balancer
in front which does not match the host name of NiFi.
Instead of disabling the SNI check by default this makes it configurable.
> Make SNI checking configurable
> ------------------------------
>
> Key: NIFI-14858
> URL: https://issues.apache.org/jira/browse/NIFI-14858
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 2.5.0
> Reporter: Lars Francke
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> As of NiFi 2.0 SNI certificates are required and the host must match.
> This is a problem for us (and others) when there is for example a load
> balancer in front which does not match the host name of NiFi.
> Instead of disabling the SNI check by default this makes it configurable.
>
> I propose introducing two new configuration properties:
> * nifi.web.https.sni.required (whether a SNI certificate is required)
> * nifi.web.https.sni.host.check (whether to check the Host from the SNI
> certificate against the incoming request)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
