Details
-
New Feature
-
Status: Open
-
Low
-
Resolution: Unresolved
-
None
Description
Currently the way SSL certificate hot reloading is implemented, it only applies the new certificates to new connections. Open connections are not terminated. Immediate termination of these connections is undesirable as it will cause a thundering herd problem. We need a way to gradually drain existing connections so that the new SSL certificates are used by all connections.