You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flume.apache.org by GitBox <gi...@apache.org> on 2022/08/24 15:01:03 UTC

[GitHub] [flume] tmgstevens commented on pull request #371: FLUME-3315 fix kafka ssl https verification

tmgstevens commented on PR #371:
URL: https://github.com/apache/flume/pull/371#issuecomment-1225846395

   Thinking this through, the current behaviour is that hostname checking is enabled, since we're using the Kafka 2.0 client already. So if we were to approve this change we'd be adding in a security regression. On that basis, I think we should add in a new property, something along the lines of:
   `a1.channels.channel1.disableTLSHostnameVerification` and if that has been set to true then we can go and set the producer and consumer `ssl.endpoint.identification.algorithm` to blank.
   
   Hope this makes sense, just don't want to make things less secure than they are today, even if that means that our docs are actually wrong.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org