Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
8.2
-
None
-
None
Description
The problem for this after upgrading to Jetty 9.4.19 (SOLR-13541). endpointIdentificationAlgorithm changed from null → HTTPS. As a result of this client's hostname (identity) is always get verified on connecting Solr.
This change improved the security level of Solr, since it requires 2 ways identity verifications (client verify server's identity and vice versa). It leads to a problem when only certificate verification is enough (client's hostname is not known ahead) for users.
We should introduce a flag in solr.in.sh to disable client's hostname verification when needed then.
More about this at :
Attachments
Attachments
Issue Links
- is related to
-
SOLR-14163 SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION needs to work with Jetty server/client SSL contexts
- Closed