Note: lists.cloudfoundry.org will be down for maintenance on Wednesday, October 5th, starting at 9AM Pacific Time (4PM Wednesday October 5, 2022 UTC), for approximately one hour.
Gorouter now supports SNI and multiple certs
On behalf of the CF Routing team, I'm pleased to announce routing-release
This release includes a bunch of exciting features, including our most
- SNI / Multiple Certificates
...as well as:
- Mutual TLS / Validation of Client Certificates
- Forwarding of Client Certificates to backends via the
X-Forwarded-Client-Cert HTTP header, enabling mutual TLS between client and
apps without forfeiting HTTP load balancing. The Java buildpack was
recently updated to support this header, transparently exposing certificate
metadata to apps.
- Max concurrent connections per backend, preventing slow apps from
impacting the availability of the rest of the platform
- 5 second frontend timeout on idle client connections, forcing load
balancers that time out silently to send their clients a TCP Reset.
These features will be included in an upcoming version of cf-release.
Note: this release removes support for properties router.ssl_cert and
router.ssl_key in favor of router.tls_pem, which is required if
Product Manager, Cloud Foundry