Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16718

Allow disabling Server Name Indication (SNI) for Jetty

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.3.0, 3.1.4, 3.2.2
    • Component/s: None
    • Labels:
      None

      Description

      As of now, createHttpsChannelConnector() enables SNI by default with Jetty:

          private ServerConnector createHttpsChannelConnector(
              Server server, HttpConfiguration httpConfig) {
            httpConfig.setSecureScheme(HTTPS_SCHEME);
            httpConfig.addCustomizer(new SecureRequestCustomizer());
            ServerConnector conn = createHttpChannelConnector(server, httpConfig);
      

      with the default constructor without any parameters automatically setting sniHostCheck to true:

          public SecureRequestCustomizer()
          {
              this(true);
          }
      

      Proposal: We should make this configurable and probably default this to false.

      Credit: Aravindan Vijayan

        Attachments

        1. HADOOP-16718-v001.patch
          4 kB
          Aravindan Vijayan
        2. HADOOP-16718-branch-3.2-v000.patch
          3 kB
          Aravindan Vijayan

          Activity

            People

            • Assignee:
              avijayan Aravindan Vijayan
              Reporter:
              smeng Siyao Meng
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: