Re: Gorouter now supports SNI and multiple certs

Dieu Cao <dcao@...>


On Aug 9, 2017 6:47 PM, "Shannon Coen" <scoen(a)> wrote:

On behalf of the CF Routing team, I'm pleased to announce routing-release

This release includes a bunch of exciting features, including our most
requested one:
- SNI / Multiple Certificates well as:
- Mutual TLS / Validation of Client Certificates
- Forwarding of Client Certificates to backends via the
X-Forwarded-Client-Cert HTTP header, enabling mutual TLS between client and
apps without forfeiting HTTP load balancing. The Java buildpack was
recently updated to support this header, transparently exposing certificate
metadata to apps.
- Max concurrent connections per backend, preventing slow apps from
impacting the availability of the rest of the platform
- 5 second frontend timeout on idle client connections, forcing load
balancers that time out silently to send their clients a TCP Reset.

These features will be included in an upcoming version of cf-release.

Note: this release removes support for properties router.ssl_cert and
router.ssl_key in favor of router.tls_pem, which is required if router.enable_ssl:


Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

Join { to automatically receive all group messages.