This repository has been archived by the owner on Jan 25, 2023. It is now read-only.
v0.7.9
Modules affected
run-consul
Description
- Added a new
--verify-server-hostname
flag torun-consul
that, when set, enables server hostname verification as part of RPC encryption. Each server in Consul should get its own certificate that containsSERVERNAME.DATACENTERNAME.consul
in the hostname or SAN. This prevents an authenticated agent from being converted into a server that streams all data, bypassing ACLs.