GatewayTransportFilters can break SSL enabled WAN
Article ID: 294365
Updated On:
Products
VMware Tanzu Gemfire
Issue/Introduction
A
GatewayTransportFilter processes the TCP stream that sends events from one Tanzu GemFire cluster to another over a WAN. Typically this is done to encrypt or compress the data to be distributed. This re-encoding of the TCP stream can break the TLS/SSL handshake and prevent the gateway sender from connecting.Environment
Product Version: 9.9
Resolution
Since TLS/SSL already compresses and encrypts packets of data sent over the WAN connection, this is redundant (and in fact possibly counterproductive even if it were to work, because re-compressing compressed data can have an opposite effect). Hence, the best solution when using TLS/SSL with WAN is simply to remove any
GatewayTransportFilters from the configuration.Feedback
Yes
No
Powered by
