[ 
https://issues.apache.org/jira/browse/SOLR-16964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Houston Putman resolved SOLR-16964.
-----------------------------------
    Fix Version/s: 9.4
         Assignee: Houston Putman
       Resolution: Fixed

> sniHostCheck should default to SOLR_SSL_CHECK_PEER_NAME
> -------------------------------------------------------
>
>                 Key: SOLR-16964
>                 URL: https://issues.apache.org/jira/browse/SOLR-16964
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Server
>    Affects Versions: 9.2
>            Reporter: Houston Putman
>            Assignee: Houston Putman
>            Priority: Major
>             Fix For: 9.4
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When we upgraded Solr to Jetty 10, it started doing SNI checks by default. To 
> combat this, Tomas added an option to skip SNI Host checking in SOLR-16735. I 
> think that this should default to the option already given in 
> SOLR_SSL_CHECK_PEER_NAME, which is practically the same check for clients. 
> (SNI is a server setting).
> So if we start to set {{solr.jetty.ssl.sniHostCheck}} by default to the value 
> that {{SOLR_SSL_CHECK_PEER_NAME}} has, then users will see no issues when 
> using Solr as they had been. If users want to separate their server/client 
> settings. They can always still provide the {{solr.jetty.ssl.sniHostCheck}} 
> option themselves in SOLR_OPTS, which will override the option defaulted by 
> Solr.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to