Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet.
With this issue we want to:
- make server and client certificates configurable
- optionally validate the client certificate
- optionally only allow matching subjects in client and server certificates
Attachments
Attachments
Issue Links
- relates to
-
OAK-9589 Backport OAK-9451 to oak-1.8
- Resolved
- links to