You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "xiaotong.wang (Jira)" <ji...@apache.org> on 2020/09/08 11:58:00 UTC
[jira] [Updated] (ZOOKEEPER-3930) Security issues: config
zookeeper.ssl.ciphersuites do not effect for zookeeper client
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
xiaotong.wang updated ZOOKEEPER-3930:
-------------------------------------
Description:
I have set zookeeper.ssl.ciphersuites :TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in ZKClientConfig ,but when i dump the tcp package , i find the ciphersuites do not match what i set
!image-2020-09-08-19-50-29-453.png|width=471,height=452!
i debug with the code of zookeeper
!image-2020-09-08-19-51-41-970.png!
maybe it need be add
sslEngine.setEnabledCipherSuites(cipherSuites); after red tag 1
cipherSuites can get from clientConfig
was:
I have set zookeeper.ssl.ciphersuites :TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in ZKClientConfig ,but when i dump the tcp package , i find the ciphersuites do not match what i set
!image-2020-09-08-19-50-29-453.png|width=471,height=452!
i debug with the code of zookeeper
!image-2020-09-08-19-51-41-970.png!
maybe it need be add
sslEngine.setEnabledCipherSuites(cipherSuites); after read tag 1
cipherSuites can get from clientConfig
> Security issues: config zookeeper.ssl.ciphersuites do not effect for zookeeper client
> -------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-3930
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3930
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.5.7, 3.5.8
> Reporter: xiaotong.wang
> Priority: Major
> Attachments: image-2020-09-08-19-50-29-453.png, image-2020-09-08-19-51-41-970.png
>
>
> I have set zookeeper.ssl.ciphersuites :TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in ZKClientConfig ,but when i dump the tcp package , i find the ciphersuites do not match what i set
> !image-2020-09-08-19-50-29-453.png|width=471,height=452!
> i debug with the code of zookeeper
> !image-2020-09-08-19-51-41-970.png!
> maybe it need be add
> sslEngine.setEnabledCipherSuites(cipherSuites); after red tag 1
> cipherSuites can get from clientConfig
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)