[ https://issues.apache.org/jira/browse/ARTEMIS-1919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Bertram reassigned ARTEMIS-1919: --------------------------------------- Assignee: Justin Bertram > artemis-core-client TLS SNI and verifyHost operation are not independent > ------------------------------------------------------------------------ > > Key: ARTEMIS-1919 > URL: https://issues.apache.org/jira/browse/ARTEMIS-1919 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker > Affects Versions: 2.6.0 > Environment: Fedora 27 > OpenJDK 1.8.0_171 > Artemis master i.e. 2.7.0-SNAPSHOT build > OCP 3.9 running the default haproxy implementation > Reporter: Roddie Kieley > Assignee: Justin Bertram > Priority: Major > Fix For: 2.7.0, 2.6.4 > > > In testing connecting to the broker using the core client via ./bin/artemis > producer through a haproxy configured with a tls passthrough configuration > that requires sni it is observed that SNI information is not passed unless > verifyHost is true even if sniHost is set on the URI. > It is noted that with sniHost specified at the haproxy waypoint the if > verifyHost=false haproxy bounces the traffic to the no sni backend. If > verifyHost=true then haproxy passes it to the tcp backend and the traffic > reaches the broker at which point the connectivity fails. > As a point of comparison, testing using the Qpid JMS client over AMQP with > verifyHost = false this works without problem. -- This message was sent by Atlassian JIRA (v7.6.3#76005)