[jboss-jira] [JBoss JIRA] (WFCORE-3873) SNI support for https-listeners

Stuart Douglas (JIRA) issues at jboss.org
Wed May 23 01:54:00 EDT 2018 

     [ https://issues.jboss.org/browse/WFCORE-3873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas moved WFLY-10429 to WFCORE-3873:
-----------------------------------------------

        Project: WildFly Core  (was: WildFly)
            Key: WFCORE-3873  (was: WFLY-10429)
    Component/s: Security
                     (was: Security)


> SNI support for https-listeners
> -------------------------------
>
>                 Key: WFCORE-3873
>                 URL: https://issues.jboss.org/browse/WFCORE-3873
>             Project: WildFly Core
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Stuart Douglas
>            Assignee: Stuart Douglas
>              Labels: Previous_RFE
>
> Java 8 has introduced for server side SNI support.  The use case needed is having 1 jboss with more than 1 virtual servers and the customer wants to be able to use a different server certificate for each virtual server
> This may already be underway because of:
>   https://issues.jboss.org/browse/UNDERTOW-750, and
>   Elytron commits that indicate they are thinking about SNI support (org/wildfly/security/ssl/SSLUtils has SNI matcher)
> 2. Who is the customer behind the request?
> American Express (5384240)
> TAM customer: yes
> SRM customer: yes
> Strategic: yes
> 3. What is the nature and description of the request?
> Want SNI support to allow two applications with different hostnames and different certificates. Alternative is having certificates apply to both hostnames.
> 4. Why does the customer need this? (List the business requirements here)
> Avoid having overly broad certificates.
> 5. How would the customer like to achieve this? (List the functional requirements here)
> virtual-server (vhost) configuration should tie into SSL certificates configuration somehow. probably allow one to specify an alias name in the virtual-server element
> 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
> Configure two virtual-servers with different certificates. Verify a SSL client can connect and get the appropriate certificate
> 7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
> UNDERTOW-750 but with Elytron's TLS/SSL consolidation I expect other changes are needed
> 8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
> As soon as possible in EAP 7.x



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list