Posted to dev@ranger.apache.org by "Ramachandran (Jira)" <ji...@apache.org> on 2023/02/24 06:10:00 UTC

[jira] [Commented] (RANGER-3153) Upgrade to TLS to version 1.2 and above

    [ https://issues.apache.org/jira/browse/RANGER-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17693014#comment-17693014 ] 

Ramachandran commented on RANGER-3153:
--------------------------------------

The following classes are using TLSv1.2 after the fix:
RangerRESTClient
RangerSslHelper
BaseAuditHandler
RemoteUnixLoginModule
DefaultSchemaRegistryClient
NiFiRegistryConnectionMgr
NiFiConnectionMgr

When it comes to SSL connections, we should be using TLSv1.2. Indeed, it's the default SSL protocol for Java 8.
And while Java 7 supports TLSv1.2, the default is TLS v1.0, which is too weak these days.
[https://www.baeldung.com/java-7-tls-v12]

cc >> [~madhan@apache.org] 

>  Upgrade to TLS to version 1.2 and above
> ----------------------------------------
>
>                 Key: RANGER-3153
>                 URL: https://issues.apache.org/jira/browse/RANGER-3153
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Sailaja Polavarapu
>            Assignee: Sailaja Polavarapu
>            Priority: Major
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: 0001-RANGER-3153-Updated-TLS-version-to-1.2-for-ranger.patch
>
>
> Ranger offers a TLS v1.0 protocol to provide communications security over a computer network. 
> It is recommended to switch all communications to a newer version of the protocol (v 1.2 or 1.3) which is more secure than the older versions.
> Ranger's Admin Unix Auth Service (ranger.unixauth.service.port) runs on port 5151, which was found to have TLS 1.0 enabled.
> TLS1.0 needs to be disabled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
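
The point raised in this thread, pinning a listener to TLS 1.2 and above, shown as an added example. It is not code from the RANGER-3153 patch or from Ranger itself. The class name `MinTlsVersionExample` and the helper `allowedProtocols` are hypothetical, and port 0 (any free port) stands in for a real service port. Requesting a `"TLSv1.2"` context names the protocol but, per the JSSE standard names, the context may still support earlier versions, so the enabled protocol list on the socket is restricted explicitly.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical example class, not part of Ranger.
public class MinTlsVersionExample {
    // Protocol names the listener may negotiate (TLS 1.2 and above).
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.2", "TLSv1.3");

    /** Returns the JVM-supported protocols that are also on the allow-list. */
    static String[] allowedProtocols(String[] supported) {
        List<String> keep = new ArrayList<>();
        for (String p : supported) {
            if (ALLOWED.contains(p)) {
                keep.add(p);
            }
        }
        if (keep.isEmpty()) {
            // Fail closed rather than fall back to an older protocol.
            throw new IllegalStateException(
                "No TLS 1.2+ protocol available: " + Arrays.toString(supported));
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // Default key/trust managers; a real service loads its keystore here.
        ctx.init(null, null, null);

        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            // What the socket would offer without an explicit restriction.
            // The JDK's security configuration may already have removed some entries.
            System.out.println("enabled before: "
                + Arrays.toString(server.getEnabledProtocols()));

            // Restrict the listener to the allow-list only.
            server.setEnabledProtocols(allowedProtocols(server.getSupportedProtocols()));
            System.out.println("enabled after:  "
                + Arrays.toString(server.getEnabledProtocols()));
        }
    }
}
```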