Posted to jira@kafka.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/01/22 17:31:00 UTC

[jira] [Commented] (KAFKA-9460) Enable TLSv1.2 by default and disable all others protocol versions

    [ https://issues.apache.org/jira/browse/KAFKA-9460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17021304#comment-17021304 ] 

ASF GitHub Bot commented on KAFKA-9460:
---------------------------------------

nizhikov commented on pull request #7998: KAFKA-9460: Enable TLSv1.2 by default and disable all others protocol versions
URL: https://github.com/apache/kafka/pull/7998
 
 
   This PR disables all SSL protocols except TLSv1.2 by default.
   The changes are discussed in KIP-553.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   
 


> Enable TLSv1.2 by default and disable all others protocol versions
> ------------------------------------------------------------------
>
>                 Key: KAFKA-9460
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9460
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>            Reporter: Nikolay Izhikov
>            Assignee: Nikolay Izhikov
>            Priority: Major
>              Labels: needs-kip
>
> In KAFKA-7251, support for TLS1.3 was introduced.
> For now, only TLS1.2 and TLS1.3 are recommended for use; other versions of TLS are considered obsolete:
> https://www.rfc-editor.org/info/rfc8446
> https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
> But testing of TLS1.3 is incomplete, for now.
> We should enable actual versions of the TLS protocol by default to provide users with only secure implementations.
> Users can enable obsolete versions of TLS with the configuration if they want to.


