You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Nikolay Izhikov (Jira)" <ji...@apache.org> on 2020/01/21 12:41:00 UTC

[jira] [Created] (KAFKA-9460) Enable TLSv1.2 by default and disable all others protocol versions

Nikolay Izhikov created KAFKA-9460:
--------------------------------------

             Summary: Enable TLSv1.2 by default and disable all others protocol versions
                 Key: KAFKA-9460
                 URL: https://issues.apache.org/jira/browse/KAFKA-9460
             Project: Kafka
          Issue Type: Improvement
            Reporter: Nikolay Izhikov
            Assignee: Nikolay Izhikov


In KAFKA-7251 support of TLS1.3 was introduced.

For now, only TLS1.2 and TLS1.3 are recommended for the usage, other versions of TLS considered as obsolete:

https://www.rfc-editor.org/info/rfc8446
https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
But testing of TLS1.3 incomplete, for now.

We should enable actual versions of the TLS protocol by default to provide to the users only secure implementations.

Users can enable obsolete versions of the TLS with the configuration if they want to. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)