[jira] [Created] (FLUME-3315) [KafkaSink][KafkaSource] Impossible to disable hostname verification with SSL enryption

["Jérémy LE BERRE (JIRA)" <ji...@apache.org>]

Jérémy LE BERRE created FLUME-3315:
--------------------------------------

             Summary: [KafkaSink][KafkaSource] Impossible to disable hostname verification with SSL enryption
                 Key: FLUME-3315
                 URL: https://issues.apache.org/jira/browse/FLUME-3315
             Project: Flume
          Issue Type: Bug
          Components: Configuration, Sinks+Sources
    Affects Versions: 1.9.0
         Environment: Flume 1.9.0

Kafka 2.1.0
            Reporter: Jérémy LE BERRE


The documentation says :
{quote}Note: By default the property {{ssl.endpoint.identification.algorithm}} is not defined, so hostname verification is not performed. In order to enable hostname verification, set the following properties
{code:java}
a1.sources.source1.kafka.consumer.ssl.endpoint.identification.algorithm=HTTPS{code}
{quote}
But with Flume *1.9.0* this is not true anymore because since Kafka 2.0.0 hostname verification is enable by default.
{quote}*+Notable changes in 2.0.0+*
 ...
 The default value for {{ssl.endpoint.identification.algorithm}} was changed to {{https}}, which performs hostname verification (man-in-the-middle attacks are possible otherwise). Set {{ssl.endpoint.identification.algorithm}} to an empty string to restore the previous behaviour.
{quote}
The problem is that it is impossible to disable hostname verification since flume does not support empty values in configuration (cf {{FlumeConfiguration.addRawProperty}})



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org