2392400 – [BYOK] [RFE] Cephadm NFS service spec does not support SNI (Server Name Indication) for mTLS

Bug 2392400 - [BYOK] [RFE] Cephadm NFS service spec does not support SNI (Server Name Indication) for mTLS

Summary: [BYOK] [RFE] Cephadm NFS service spec does not support SNI (Server Name Indic...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Cephadm
Sub Component:
Version:	8.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	8.1z3
Assignee:	Adam King
QA Contact:	sumr
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:	2381960
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-01 14:41 UTC by Manisha Saini
Modified:	2025-10-13 17:30 UTC (History)
CC List:	13 users (show)
Fixed In Version:	ceph-19.2.1-261.el9cp; nfs-ganesha-6.5-27.el9cp
Doc Type:	Enhancement
Doc Text:	.New SNI support for mTLS connections Previously, NFS-Ganesha established mTLS connections to the KMIP server using the hostname specified in its configuration. However, the configuration did not support specifying Server Name Indication (SNI) for the mTLS connection. This limitation assumed that the certificate used for mTLS was issued for the same hostname, which is not always the case. This enhancement introduces support for specifying SNI in the mTLS connection used to retrieve KMIP keys. It removes the need for local hostname mapping and improves compatibility with IBM Cloud’s mTLS implementation and similar environments.
Clone Of:	2381960
Environment:
Last Closed:	2025-09-30 09:23:05 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-12038	0	None	None	None	2025-09-01 14:42:56 UTC
Red Hat Product Errata	RHBA-2025:17047	0	None	None	None	2025-09-30 09:23:08 UTC

Description Manisha Saini 2025-09-01 14:41:06 UTC

+++ This bug was initially created as a clone of Bug #2381960 +++

Comment 7 errata-xmlrpc 2025-09-30 09:23:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 8.1 security, bug fix and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2025:17047

Note You need to log in before you can comment on or make changes to this bug.