]
Stuart Douglas moved WFLY-10429 to WFCORE-3873:
-----------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-3873 (was: WFLY-10429)
Component/s: Security
(was: Security)
SNI support for https-listeners
-------------------------------
Key: WFCORE-3873
URL:
https://issues.jboss.org/browse/WFCORE-3873
Project: WildFly Core
Issue Type: Feature Request
Components: Security
Reporter: Stuart Douglas
Assignee: Stuart Douglas
Labels: Previous_RFE
Java 8 has introduced for server side SNI support. The use case needed is having 1 jboss
with more than 1 virtual servers and the customer wants to be able to use a different
server certificate for each virtual server
This may already be underway because of:
https://issues.jboss.org/browse/UNDERTOW-750, and
Elytron commits that indicate they are thinking about SNI support
(org/wildfly/security/ssl/SSLUtils has SNI matcher)
2. Who is the customer behind the request?
American Express (5384240)
TAM customer: yes
SRM customer: yes
Strategic: yes
3. What is the nature and description of the request?
Want SNI support to allow two applications with different hostnames and different
certificates. Alternative is having certificates apply to both hostnames.
4. Why does the customer need this? (List the business requirements here)
Avoid having overly broad certificates.
5. How would the customer like to achieve this? (List the functional requirements here)
virtual-server (vhost) configuration should tie into SSL certificates configuration
somehow. probably allow one to specify an alias name in the virtual-server element
6. For each functional requirement listed, specify how Red Hat and the customer can test
to confirm the requirement is successfully implemented.
Configure two virtual-servers with different certificates. Verify a SSL client can
connect and get the appropriate certificate
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
UNDERTOW-750 but with Elytron's TLS/SSL consolidation I expect other changes are
needed
8. Does the customer have any specific timeline dependencies and which release would they
like to target (i.e. RHEL5, RHEL6)?
As soon as possible in EAP 7.x