[HADOOP-16718] Allow disabling Server Name Indication (SNI) for Jetty - ASF JIRA

Log work

Agile Board

Rank to Top

Rank to Bottom

Attach files

Attach Screenshot

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.1
Fix Version/s: 3.3.0, 3.1.4, 3.2.2
Component/s: None
Labels:
None

Target Version/s:

3.3.0, 3.1.4, 3.2.2

Description

As of now, createHttpsChannelConnector() enables SNI by default with Jetty:

    private ServerConnector createHttpsChannelConnector(
        Server server, HttpConfiguration httpConfig) {
      httpConfig.setSecureScheme(HTTPS_SCHEME);
      httpConfig.addCustomizer(new SecureRequestCustomizer());
      ServerConnector conn = createHttpChannelConnector(server, httpConfig);

with the default constructor without any parameters automatically setting sniHostCheck to true:

    public SecureRequestCustomizer()
    {
        this(true);
    }

Proposal: We should make this configurable and probably default this to false.

Credit: Aravindan Vijayan

Attachments

HADOOP-16718-branch-3.2-v000.patch
20/Nov/19 06:52
3 kB
Aravindan Vijayan
HADOOP-16718-v001.patch
23/Nov/19 04:42
4 kB
Aravindan Vijayan

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Aravindan Vijayan Assign to me

Reporter:: Siyao Meng

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Nov/19 22:33

Updated:: 04/Dec/19 01:00

Resolved:: 03/Dec/19 23:55

Agile

View on Board

Allow disabling Server Name Indication (SNI) for Jetty

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment