You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I want to be able to use Kroxylicious with an upstream cluster that uses TLS.
Describe the solution you'd like
Kroxylicious currently uses plain communications between itself and the upstream clusters. It should allow itself to be configured for the TLS. It must support the configuration of trust anchors (since the integration tests use self-signed certificates, this is a must). It should probably also allow for TLS verification to be disabled to support development use-cases.
Features like TLS client auth and configuration of the cipher suites/protocols could be delivered later.
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered:
)
Fix#375: Support key material common to Kubernetes (PEMs)
Fix: #374: Upstream TLS
- added support for keystore/truststore passwords to come from files too.
- initialise SSLContext once (at virtualcluster's construction), rather than per-connection on the IO thread
Co-authored-by: Sam Barker <[email protected]>
Signed-off-by: Keith Wall <[email protected]>
Is your feature request related to a problem? Please describe.
I want to be able to use Kroxylicious with an upstream cluster that uses TLS.
Describe the solution you'd like
Kroxylicious currently uses plain communications between itself and the upstream clusters. It should allow itself to be configured for the TLS. It must support the configuration of trust anchors (since the integration tests use self-signed certificates, this is a must). It should probably also allow for TLS verification to be disabled to support development use-cases.
Features like TLS client auth and configuration of the cipher suites/protocols could be delivered later.
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: