[
https://issues.apache.org/jira/browse/HDDS-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siyao Meng updated HDDS-9878:
-----------------------------
Summary: Disable Server Name Indication (SNI) for Jetty (was: Disabe
Server Name Indication (SNI) for Jetty)
> Disable Server Name Indication (SNI) for Jetty
> ----------------------------------------------
>
> Key: HDDS-9878
> URL: https://issues.apache.org/jira/browse/HDDS-9878
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Priority: Major
>
> In a cluster I noticed error messages that indicate a potential issue
> related to SNI, similar to what's described in HADOOP-16718.
>
> Server Name Indication (SNI) was added as an extension to the TLS protocol
> that lets clients request that a public certificate for a specific host name
> be returned.
> This feature was added primarily for virtual hosting scenarios where a client
> may connect to the same IP to connect to one of many virtual hosted servers.
> Currently, our servers have no use for this feature as we do not support such
> a virtual hosting scenario.
> If the server's JKS file has a private/public key/cert pairing that is valid
> but it also has another *trustedCertEntry* certificate that has the hostname
> in subjectAltName extension, the trusted cert gets picked.
>
> It sounds like we can port the fix in HADOOP-16718 into Ozone.
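An added example, not part of the issue and not Ozone code: a keystore audit for the condition the description names, a *trustedCertEntry* whose subjectAltName carries the server's own hostname. It parses the text printed by `keytool -list -v`; the aliases, hostnames and the abridged sample listing are constructed for illustration.

```python
import re

# Constructed, abridged sample of `keytool -list -v` output (not from the issue).
SAMPLE = """\
Alias name: server
Entry type: PrivateKeyEntry
Owner: CN=om1.example.com
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: om1.example.com
]

Alias name: peer-ca
Entry type: trustedCertEntry
Owner: CN=Example Internal CA
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: om1.example.com
  DNSName: om2.example.com
]
"""

def parse_entries(text):
    """Split keytool output into records of alias, entry type and SAN DNS names."""
    entries = []
    # Each keystore entry starts with an "Alias name:" line.
    for chunk in re.split(r"(?m)^(?=Alias name: )", text):
        alias = re.search(r"(?m)^Alias name: (.+)$", chunk)
        etype = re.search(r"(?m)^Entry type: (\S+)", chunk)
        if not alias or not etype:
            continue  # preamble or malformed block
        entries.append({"alias": alias.group(1).strip(),
                        "type": etype.group(1),
                        "dns_names": re.findall(r"DNSName: (\S+)", chunk)})
    return entries

def conflicting_trusted_certs(text, hostname):
    """Aliases of trustedCertEntry items whose SAN lists the given hostname.

    Exact, case-insensitive match only; wildcard SANs are not expanded.
    """
    host = hostname.lower()
    return [e["alias"] for e in parse_entries(text)
            if e["type"].lower() == "trustedcertentry"
            and host in (n.lower() for n in e["dns_names"])]

if __name__ == "__main__":
    print(conflicting_trusted_certs(SAMPLE, "om1.example.com"))
```
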