[
https://issues.apache.org/jira/browse/SOLR-16964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Houston Putman resolved SOLR-16964.
-----------------------------------
Fix Version/s: 9.4
Assignee: Houston Putman
Resolution: Fixed
> sniHostCheck should default to SOLR_SSL_CHECK_PEER_NAME
> -------------------------------------------------------
>
> Key: SOLR-16964
> URL: https://issues.apache.org/jira/browse/SOLR-16964
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Server
> Affects Versions: 9.2
> Reporter: Houston Putman
> Assignee: Houston Putman
> Priority: Major
> Fix For: 9.4
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When we upgraded Solr to Jetty 10, it started doing SNI checks by default. To
> combat this, Tomas added an option to skip SNI Host checking in SOLR-16735. I
> think that this should default to the option already given in
> SOLR_SSL_CHECK_PEER_NAME, which is practically the same check for clients.
> (SNI is a server setting).
> So if we start to set {{solr.jetty.ssl.sniHostCheck}} by default to the value
> that {{SOLR_SSL_CHECK_PEER_NAME}} has, then users will see no issues when
> using Solr as they had been. If users want to separate their server/client
> settings. They can always still provide the {{solr.jetty.ssl.sniHostCheck}}
> option themselves in SOLR_OPTS, which will override the option defaulted by
> Solr.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
