[
https://issues.apache.org/jira/browse/SOLR-13798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Cao Manh Dat resolved SOLR-13798.
---------------------------------
Fix Version/s: 8.3
Resolution: Fixed
> SSL: Adding Enabling/Disabling client's hostname verification config
> --------------------------------------------------------------------
>
> Key: SOLR-13798
> URL: https://issues.apache.org/jira/browse/SOLR-13798
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 8.2
> Reporter: Cao Manh Dat
> Assignee: Cao Manh Dat
> Priority: Major
> Fix For: 8.3
>
> Attachments: SOLR-13709.patch, SOLR-13709.patch
>
>
> The problem for this after upgrading to Jetty 9.4.19 (SOLR-13541).
> {{endpointIdentificationAlgorithm}} changed from null → HTTPS. As a result of
> this client's hostname (identity) is always get verified on connecting Solr.
> This change improved the security level of Solr, since it requires 2 ways
> identity verifications (client verify server's identity and vice versa). It
> leads to a problem when only certificate verification is enough (client's
> hostname is not known ahead) for users.
> We should introduce a flag in {{solr.in.sh}} to disable client's hostname
> verification when needed then.
> More about this at :
> * https://tools.ietf.org/html/rfc2818#section-3
> * https://github.com/eclipse/jetty.project/issues/3454
> * https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
