On 7/17/2016 8:13 AM, Sarit Weber wrote: > We noticed that indexing is much faster without SSL, but we can not > remove it from distributed search.
Solr doesn't handle the networking. That's Jetty. Jetty sets up one listening port, and that port either uses SSL or it doesn't. All requests for Solr are handled by that network setup, which is out of Solr's control. To use SSL for one part of the app but not for another part would require that somebody split Solr into *two* applications, and have jetty handle each application with a different TCP port. Then the two applications would need a way to talk to each other. I can almost guarantee that the Solr developers are not going to implement that. You might want to remove SSL from Solr and have your query clients access it via a proxy/loadbalancer that handles the SSL. Because you're looking for this kind of solution, I imagine that the clients that will be indexing are very different clients than the ones that are doing the queries, and that maybe the clients doing the queries are in a network that you do not trust. One final word -- Solr should not be accessible from any network location that you cannot completely trust, especially the Internet. Thanks, Shawn
