Closed yorinasub17 closed 4 years ago
is this a common enough setting to add to run-consul for all users?
According to the docs, this is recommended to set to true for any cluster that is configuring RPC encryption:
If verify_server_hostname is set, then outgoing connections perform hostname verification. All servers must have a certificate valid for server.<datacenter>.<domain> or the client will reject the handshake. This is a new configuration as of 0.5.1, and it is used to prevent a compromised client from being able to restart in server mode and perform a MITM (Man-In-The-Middle) attack. New deployments should set this to true, and generate the proper certificates, but this is defaulted to false to avoid breaking existing deployments.
So I think this is something we should offer in the core. In fact, I originally wanted to set this to true
without an opt-in flag, as a production cluster using RPC encryption should have this included. However, as the docs mention, it breaks existing clusters that don't have the proper certs, so I opted for a feature flag instead to maintain backwards compatibility.
Tests passed! Merging now.
This adds support for enabling verify_server_hostname to true in the consul server configuration. This is a recommended setting for production consul servers to ensure that agents can't promote themselves to become a server using the client certificate key (if verify_server_hostname is false, then any certificate that is validated by the RPC CA can become a server). See https://www.consul.io/docs/agent/options#verify_server_hostname for more info.