[ https://issues.apache.org/jira/browse/SOLR-13798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cao Manh Dat resolved SOLR-13798.
---------------------------------
    Fix Version/s: 8.3
       Resolution: Fixed

> SSL: Adding Enabling/Disabling client's hostname verification config
> --------------------------------------------------------------------
>
>                 Key: SOLR-13798
>                 URL: https://issues.apache.org/jira/browse/SOLR-13798
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public (Default Security Level. Issues are Public)
>    Affects Versions: 8.2
>            Reporter: Cao Manh Dat
>            Assignee: Cao Manh Dat
>            Priority: Major
>             Fix For: 8.3
>
>         Attachments: SOLR-13709.patch, SOLR-13709.patch
>
>
> The problem appeared after upgrading to Jetty 9.4.19 (SOLR-13541):
> {{endpointIdentificationAlgorithm}} changed from null → HTTPS. As a result of
> this, the client's hostname (identity) always gets verified when connecting to Solr.
> This change improved the security level of Solr, since it requires two-way
> identity verification (the client verifies the server's identity and vice versa). It
> leads to a problem when only certificate verification is enough (client's
> hostname is not known ahead) for users.
> We should introduce a flag in {{solr.in.sh}} to disable client's hostname
> verification when needed then.
> More about this at:
> * https://tools.ietf.org/html/rfc2818#section-3
> * https://github.com/eclipse/jetty.project/issues/3454
> * https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
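The behaviour change described in the issue, as an added example that is not part of the original message and is not Solr, Jetty or JSSE code: a simplified Python model of the server-side decision, showing why a client with a trusted certificate is rejected once `endpointIdentificationAlgorithm` is HTTPS and its address is not in the certificate. The function names, the SAN dictionary layout and the sample hosts are assumptions made for illustration, and the wildcard rule is a conservative simplification of RFC 2818 section 3.

```python
import ipaddress


def dns_match(pattern, host):
    """Compare a dNSName SAN with a hostname; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def identity_matches(peer_host, san):
    """san: {'dns': [...], 'ip': [...]} as read from the peer certificate (assumed layout)."""
    try:
        addr = ipaddress.ip_address(peer_host)
    except ValueError:
        return any(dns_match(name, peer_host) for name in san.get("dns", []))
    # An IP literal must equal an iPAddress SAN; dNSName entries do not count.
    return any(ipaddress.ip_address(ip) == addr for ip in san.get("ip", []))


def server_accepts_client(chain_trusted, peer_host, san, endpoint_identification_algorithm):
    """Model of the server's verdict on a client certificate."""
    if not chain_trusted:
        return False  # certificate verification applies in both modes
    if endpoint_identification_algorithm is None:
        return True   # value before the upgrade: a trusted chain is enough
    if endpoint_identification_algorithm == "HTTPS":
        return identity_matches(peer_host, san)  # value after the upgrade
    raise ValueError("unsupported endpoint identification algorithm")


if __name__ == "__main__":
    # Constructed sample: a client whose address is not known when its certificate is issued.
    client_san = {"dns": ["indexer.example.com"]}
    for algorithm in (None, "HTTPS"):
        verdict = server_accepts_client(True, "10.0.0.7", client_san, algorithm)
        print(algorithm, "->", "accepted" if verdict else "rejected")
```
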