[HADOOP-16718] Allow disabling Server Name Indication (SNI) for Jetty - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.1
Fix Version/s: 3.3.0, 3.1.4, 3.2.2
Component/s: None
Labels:
None

Target Version/s:

3.3.0, 3.1.4, 3.2.2

Description

As of now, createHttpsChannelConnector() enables SNI by default with Jetty:

    private ServerConnector createHttpsChannelConnector(
        Server server, HttpConfiguration httpConfig) {
      httpConfig.setSecureScheme(HTTPS_SCHEME);
      httpConfig.addCustomizer(new SecureRequestCustomizer());
      ServerConnector conn = createHttpChannelConnector(server, httpConfig);

with the default constructor without any parameters automatically setting sniHostCheck to true:

    public SecureRequestCustomizer()
    {
        this(true);
    }

Proposal: We should make this configurable and probably default this to false.

Credit: Aravindan Vijayan

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-16718-branch-3.2-v000.patch
20/Nov/19 06:52
3 kB
Aravindan Vijayan
HADOOP-16718-v001.patch
23/Nov/19 04:42
4 kB
Aravindan Vijayan

Issue Links

is related to

HDDS-9878 Disable Server Name Indication (SNI) for Jetty

Open

Activity

People

Assignee:: Aravindan Vijayan

Reporter:: Siyao Meng

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Nov/19 22:33

Updated:: 07/Dec/23 17:59

Resolved:: 03/Dec/19 23:55