[jboss-jira] [JBoss JIRA] (WFLY-10429) SNI support for https-listeners

Stuart Douglas (JIRA) issues at jboss.org
Wed May 23 01:53:00 EDT 2018 

     [ https://issues.jboss.org/browse/WFLY-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas moved EAP7-1004 to WFLY-10429:
---------------------------------------------

           Project: WildFly  (was: EAP 7 Planning Pilot)
               Key: WFLY-10429  (was: EAP7-1004)
        Issue Type: Feature Request  (was: Requirement)
          Workflow: GIT Pull Request workflow   (was: EAP Agile Workflow 2.0)
       Component/s: Security
                        (was: Security)
                        (was: Undertow)
    Target Release:   (was: 7.2.0.GA)


> SNI support for https-listeners
> -------------------------------
>
>                 Key: WFLY-10429
>                 URL: https://issues.jboss.org/browse/WFLY-10429
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Stuart Douglas
>            Assignee: Stuart Douglas
>              Labels: Previous_RFE
>
> Java 8 has introduced for server side SNI support.  The use case needed is having 1 jboss with more than 1 virtual servers and the customer wants to be able to use a different server certificate for each virtual server
> This may already be underway because of:
>   https://issues.jboss.org/browse/UNDERTOW-750, and
>   Elytron commits that indicate they are thinking about SNI support (org/wildfly/security/ssl/SSLUtils has SNI matcher)
> 2. Who is the customer behind the request?
> American Express (5384240)
> TAM customer: yes
> SRM customer: yes
> Strategic: yes
> 3. What is the nature and description of the request?
> Want SNI support to allow two applications with different hostnames and different certificates. Alternative is having certificates apply to both hostnames.
> 4. Why does the customer need this? (List the business requirements here)
> Avoid having overly broad certificates.
> 5. How would the customer like to achieve this? (List the functional requirements here)
> virtual-server (vhost) configuration should tie into SSL certificates configuration somehow. probably allow one to specify an alias name in the virtual-server element
> 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
> Configure two virtual-servers with different certificates. Verify a SSL client can connect and get the appropriate certificate
> 7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
> UNDERTOW-750 but with Elytron's TLS/SSL consolidation I expect other changes are needed
> 8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
> As soon as possible in EAP 7.x



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list