Odg: Odg: Proposal of new config property "ssl-server-name-extension"

Hi, I agree with your proposal/question, and implementation will follow it. BR, Mario Šalje: Jens Deppe Poslano: 9. prosinca 2019. 15:55 Prima: dev@geode.apache.org Predmet: Re: Odg: Proposal of new config property "ssl-server-name-extension" Hi Mar

Re: Odg: Proposal of new config property "ssl-server-name-extension"

Hi Mario, I did have a question / suggestion about this proposal (possibly on a different thread). Would you mind responding to that before proceeding please. I'll just paste it in here too. > Jens Deppe > Tue, Nov 19, 4:42 PM > to dev > I'd like to add my comment from the original PR here agai

Odg: Proposal of new config property "ssl-server-name-extension"

Hi, Since this proposal is open for almost three weeks, and we have 2 plus one, We will continue with proposed solution. Regards, Mario Šalje: Mario Ivanac Poslano: 19. studenog 2019. 12:26 Prima: dev@geode.apache.org Predmet: Proposal of new config property "

Odg: Proposal of new config property "ssl-server-name-extension"

Hi Sai, The security provider main class is configured through a java security file: -Djava.security.properties=custom-security.file Where we set: security.provider.1=my.security.provider.class The security provider is packaged as a .jar and added to the classpath. The security provider

Odg: Proposal of new config property "ssl-server-name-extension"

Hi, regarding your questions: >>Mario, are there any limitations that should be understood about the types of certificates used or how they're generated?<< There is no limitations. >>Do you have the freedom to use certificate chaining and have the root CA in >>each component's truststore?<<

Odg: Proposal of new config property "ssl-server-name-extension"

Hi, all connections will use ssl-server-name-extension as part of Client Hello. BR, Mario Šalje: Dan Smith Poslano: 19. studenog 2019. 22:17 Prima: dev@geode.apache.org Predmet: Re: Proposal of new config property "ssl-server-name-extension" Can you clarify whi

Re: Odg: Odg: Proposal of new config property "ssl-server-name-extension"

. studenog 2019. 18:20 > *Prima:* Mario Ivanac > *Kopija:* dev@geode.apache.org > *Predmet:* Re: Odg: Proposal of new config property > "ssl-server-name-extension" > > The SSL handshake is done *before* the Geode handshake.So additions > to the Geode handshake prot

Odg: Odg: Proposal of new config property "ssl-server-name-extension"

Prima: Mario Ivanac Kopija: dev@geode.apache.org Predmet: Re: Odg: Proposal of new config property "ssl-server-name-extension" The SSL handshake is done before the Geode handshake.So additions to the Geode handshake protocol will not affect SSL connections since the secu

Re: Odg: Proposal of new config property "ssl-server-name-extension"

The SSL handshake is done *before* the Geode handshake.So additions to the Geode handshake protocol will not affect SSL connections since the secure socket connection has already been negotiated and the Geode handshake is encrypted. Charlie On Tue, Nov 19, 2019 at 9:06 AM Mario Ivanac wrote:

Odg: Proposal of new config property "ssl-server-name-extension"

Hi all, this proposal and ticket are result of mail discussion "Special certificates for multisite": https://lists.apache.org/thread.html/2418dd1b5f9ae812daa48a51a8d2eb252a3c861a890264f47da3a4d3@%3Cdev.geode.apache.org%3E BR, Mario Šalje: Charlie Black Poslano