]
Sebastian Łaskawiec reopened ISPN-5721:
---------------------------------------
Add SNI support to the endpoints
--------------------------------
Key: ISPN-5721
URL:
https://issues.jboss.org/browse/ISPN-5721
Project: Infinispan
Issue Type: Feature Request
Components: Security, Server
Affects Versions: 8.0.0.Final
Reporter: Tristan Tarrant
Assignee: Sebastian Łaskawiec
Fix For: 9.0.0.Alpha2, 9.0.0.Final
Openshift Router uses DNS names to perform routing. It is perfectly legal to have this
kind of configuration:
{code}
client 1 --> example.com:11222 -----+> Hotrod server
/
client 2 --> example2.com:11222 /
{code}
In that case the TLS configuration might be problematic (since very often certificates
are issued for a domain name). However it is possible to use [SNI TLS
Extension|https://tools.ietf.org/html/rfc6066#page-6].
The SNI needs to be added to:
* Client's configuration (it needs to modify it's own {{SSLContext}} and add
{{SSLParams}}
* Hotrod server to support SNI (with Netty)
* XML Configuration for Hotrod