[MXS-6010] Route queries based on TLS SNI - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

If the client sends the hostname in the TLS SNI, select the service based on that. As a fallback, if no TLS SNI is present but connection attributes define _server_host, use that.

The set of services that are reachable from the listener is defined in a new setting named virtual_services which takes a mapping of hostnames to services in MaxScale.

[Listener]

type=listener

port=3306

service=DefaultService

virtual_services=foo.db.com=FooService,bar.db.com=BarService

This way, if a client connects on port 3306 with a TLS connection that sets the SNI value to foo.db.com, the FooService is used. If the client connects to an unknown hostname, the normal behavior of using the service from the service setting is used.

Attachments

Issue Links

is part of

MXS-5976 Select TLS certificate based on the SNI value

Needs Feedback

relates to

CONJ-1282 SNI TLS support

Closed

MDEV-10658 Support TLS SNI in MariaDB

Open

Activity

People

Assignee:: Unassigned

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2025-11-04 12:16

Updated:: 2026-01-21 10:17

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.