You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Houston Putman (Jira)" <ji...@apache.org> on 2023/04/11 19:39:00 UTC
[jira] [Commented] (SOLR-16743) Auto reload keystore/truststore on change
[ https://issues.apache.org/jira/browse/SOLR-16743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17711096#comment-17711096 ]
Houston Putman commented on SOLR-16743:
---------------------------------------
There might be an issue with client SSL reloading. Java caches SSL session information, and there is no current way to disable that functionality: https://github.com/eclipse/jetty.project/issues/918#issuecomment-250791417
> Auto reload keystore/truststore on change
> -----------------------------------------
>
> Key: SOLR-16743
> URL: https://issues.apache.org/jira/browse/SOLR-16743
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Server, SolrJ
> Reporter: Houston Putman
> Priority: Major
>
> Currently everyone who uses Solr with SSL must restart their clusters when new certificates are created.
> Jetty comes with an [ssl-reload|https://www.eclipse.org/jetty/documentation/jetty-10/operations-guide/index.html#og-module-ssl-reload] module for reloading the server's keystore.
> For the client we would likely need to reload the truststore, but that requires more investigation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org