[ https://issues.apache.org/jira/browse/SOLR-13798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941070#comment-16941070 ]
ASF subversion and git services commented on SOLR-13798: -------------------------------------------------------- Commit 7350c5031635317c531c2f9249325d304a900772 in lucene-solr's branch refs/heads/master from Cao Manh Dat [ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=7350c50 ] SOLR-13798: SSL: Adding Enabling/Disabling client's hostname verification config > SSL: Adding Enabling/Disabling client's hostname verification config > -------------------------------------------------------------------- > > Key: SOLR-13798 > URL: https://issues.apache.org/jira/browse/SOLR-13798 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Affects Versions: 8.2 > Reporter: Cao Manh Dat > Assignee: Cao Manh Dat > Priority: Major > Attachments: SOLR-13709.patch, SOLR-13709.patch > > > The problem for this after upgrading to Jetty 9.4.19 (SOLR-13541). > {{endpointIdentificationAlgorithm}} changed from null → HTTPS. As a result of > this client's hostname (identity) is always get verified on connecting Solr. > This change improved the security level of Solr, since it requires 2 ways > identity verifications (client verify server's identity and vice versa). It > leads to a problem when only certificate verification is enough (client's > hostname is not known ahead) for users. > We should introduce a flag in {{solr.in.sh}} to disable client's hostname > verification when needed then. > More about this at : > * https://tools.ietf.org/html/rfc2818#section-3 > * https://github.com/eclipse/jetty.project/issues/3454 > * https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf) -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org