diff options
Diffstat (limited to 'container-core')
-rw-r--r-- | container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java index caeaf0bcf0a..4e984d57808 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java @@ -143,7 +143,8 @@ public class ConnectorFactory { // TODO Vespa 9 Use default URI compliance (LEGACY == old Jetty 9.4 compliance) httpConfig.setUriCompliance(UriCompliance.LEGACY); if (isSslEffectivelyEnabled(connectorConfig)) { - httpConfig.addCustomizer(new SecureRequestCustomizer()); + // Explicitly disable SNI checking as Jetty's SNI checking trust manager is not part of our SSLContext trust manager chain + httpConfig.addCustomizer(new SecureRequestCustomizer(false, false, -1, false)); } String serverNameFallback = connectorConfig.serverName().fallback(); if (!serverNameFallback.isBlank()) httpConfig.setServerAuthority(new HostPort(serverNameFallback)); |