Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-18163

Certificate expiration - Allow TLSHandshakeTimeShift to be specified for common orderer server port.

    XMLWordPrintable

Details

    • Unset
    • Unset
    • Unset

    Description

      Today, you may specify 'TLSHandshakeTimeShift' in the cluster configuration of the orderer to work around expired TLS certificates to allow the orderer to restart with quorum even when TLS certificates have expired.

      However, this config variable only applies when there is a separate cluster port listener involved.  When the cluster port is shared with the standard orderer port, this option is ignored.

      This story is to expose a similar config option for the general TLS options of the orderer, to be applied to the standard orderer TLS listener.  In the event that a separate cluster port is utilized, then the setting in the cluster settings should take precedence.

      Attachments

        Issue Links

          Activity

            People

              jyellick Jason Yellick
              jyellick Jason Yellick
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: