You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@drill.apache.org by lu...@apache.org on 2022/04/02 15:01:48 UTC

[drill-site] branch master updated: DRILL-8177: Bump default TLS version to 1.3

This is an automated email from the ASF dual-hosted git repository.

luoc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 6aa229b  DRILL-8177: Bump default TLS version to 1.3
6aa229b is described below

commit 6aa229b7a0366c8c36c2544cb55920d6d201b3ab
Author: Rymar Maksym <ri...@gmail.com>
AuthorDate: Sun Mar 27 13:25:10 2022 +0300

    DRILL-8177: Bump default TLS version to 1.3
---
 .../securing-drill/081-configuring-ssl-tls-for-encryption.md          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md b/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md
index 013bc8c..7678d30 100644
--- a/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md
+++ b/_docs/en/configure-drill/securing-drill/081-configuring-ssl-tls-for-encryption.md
@@ -65,7 +65,7 @@ The following table lists the SSL configuration options with their descriptions
 | Drill Property Name                             | Hadoop Property Name            | System Property Name             | Description                                                                                                                                                                                                                                                                                                                                                                         [...]
 |-------------------------------------------------|---------------------------------|----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ [...]
 | drill.exec.security.user.encryption.ssl.enabled |                                 |                                  | Enable   or disable TLS for Drill client - Drill Server communication. You must set   this option in drill-override.conf.                                                                                                                                                                                                                                                           [...]
-| drill.exec.ssl.protocol                         |                                 |                                  | The   version of the TLS protocol to use                                                                                                                                                                                                                                                                                                                                            [...]
+| drill.exec.ssl.protocol                         |                                 |                                  | The   version of the TLS protocol to use                                                                                                                                                                                                                                                                                                                                            [...]
 | drill.exec.ssl.keyStoreType                     | ssl.server.keystore.type        | javax.net.ssl.keyStoreType       | Format   of the keystore file                                                                                                                                                                                                                                                                                                                                                       [...]
 | drill.exec.ssl.keyStorePath                     | ssl.server.keystore.location    | javax.net.ssl.keyStore           | Location   of the Java keystore file containing the Drillbit’s own certificate and   private key. On Windows, the specified pathname must use forward slashes, /,   in place of backslashes.                                                                                                                                                                                        [...]
 | drill.exec.ssl.keyStorePassword                 | ssl.server.keystore.password    | javax.net.ssl.keyStorePassword   | Password   to access the private key from the keystore file. This password is used   twice: To unlock the keystore file (store password), and to decrypt the   private key stored in the keystore (key password) unless a key password is   specified separately.                                                                                                                   [...]
@@ -93,7 +93,7 @@ The following table lists the parameters that you can include in the jdbc connec
 | trustStorePassword             | string                         | [Optional]   Password to the truststore.                                                                                                                                                                                                                                                                                                                                                                                                 [...]
 | disableHostVerification        | true/false                     | [Optional]   If true, we will not verify that the host in the certificate is the host we   are connecting to.      False by default.     (Hostname verification follows the specification in RFC2818)                                                                                                                                                                                                                                    [...]
 | disableCertificateVerification | true/false                     | [Optional]   If true we will not validate the certificate against the truststore.      False by default.                                                                                                                                                                                                                                                                                                                                 [...]
-| TLSProtocol                    | TLS, TLSV1, TLSv1.1,   TLSv1.2 | [Optional]     Default: TLSv1.2 (recommended)                                                                                                                                                                                                                                                                                                                                                                                            [...]
+| TLSProtocol                    | TLS, TLSV1, TLSv1.1, TLSv1.2, TLSv1.3 | [Optional]     Default: TLSv1.3 (recommended)                                                                                                                                                                                                                                                                                                                                                                                     [...]
 | TLSHandshakeTimeout            | Time in milliseconds           | [Optional]     Default: 10 seconds     In some cases, the TLS handshake may fail and leave the client hanging.   This option sets the time for the client to timeout.                                                                                                                                                                                                                                                                    [...]
 | TLSProvider                    | JDK/OPENSSL                    | [Optional]     Default: JDK     Changes the underlying implementation to the chosen value.                                                                                                                                                                                                                                                                                                                                               [...]
 | useSystemTrustStore            | true/false                     | [Optional, Windows only]     Default: false      If provided, the client will read certificates from the Windows truststore.   In this case, trustStorePath and trustStorePassword, if specified, will be   ignored.      The user should set the default provider in   $JRE_HOME/lib/security/java.security to SunMSCAPI.     The trustStoreType should be set to either Windows-MY or Windows-ROOT.                                    [...]