You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Jean-Daniel Cryans (JIRA)" <ji...@apache.org> on 2017/08/25 21:37:00 UTC

[jira] [Updated] (KUDU-1921) Add ability for clients to require authentication/encryption

     [ https://issues.apache.org/jira/browse/KUDU-1921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Daniel Cryans updated KUDU-1921:
-------------------------------------
    Target Version/s: 1.6.0  (was: 1.5.0)

> Add ability for clients to require authentication/encryption
> ------------------------------------------------------------
>
>                 Key: KUDU-1921
>                 URL: https://issues.apache.org/jira/browse/KUDU-1921
>             Project: Kudu
>          Issue Type: Improvement
>          Components: client, security
>    Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Priority: Critical
>
> Currently, the clients always operate in "optional" mode for authentication and encryption. This means that they are vulnerable to downgrade attacks by a MITM. We should provide APIs so that clients can be configured to prohibit downgrade when connecting to clusters they know to be secure.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)