You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Nikolay Izhikov (Jira)" <ji...@apache.org> on 2020/06/01 08:43:00 UTC
[jira] [Commented] (KAFKA-9320) Enable TLSv1.3 by default and
disable some of the older protocols
[ https://issues.apache.org/jira/browse/KAFKA-9320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17120838#comment-17120838 ]
Nikolay Izhikov commented on KAFKA-9320:
----------------------------------------
I ran the following tests:
* tests/kafkatest/tests/tools/log4j_appender_test.py
* tests/kafkatest/tests/core/upgrade_test.py
* tests/kafkatest/tests/core/mirror_maker_test.py
* tests/kafkatest/tests/core/consumer_group_command_test.py
* tests/kafkatest/sanity_checks/test_console_consumer.py
* tests/kafkatest/benchmarks/core/benchmark_test.py
{noformat}
====================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.7.7
session_id: 2020-05-29--003
run time: 183 minutes 43.112 seconds
tests run: 121
passed: 120
failed: 1
ignored: 0
====================================================================================================
{noformat}
fail:
{noformat}
----------------------------------------------------------------------------------------------------
test_id: kafkatest.tests.core.upgrade_test.TestUpgrade.test_upgrade.from_kafka_version=2.0.1.to_message_format_version=None.compression_types=.none
status: FAIL
run time: 1 minute 21.075 seconds
Kafka server didn't finish startup in 60 seconds
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/ducktape/tests/runner_client.py", line 132, in run
data = self.run_test()
File "/usr/local/lib/python2.7/dist-packages/ducktape/tests/runner_client.py", line 189, in run_test
return self.test_context.function(self.test)
File "/usr/local/lib/python2.7/dist-packages/ducktape/mark/_mark.py", line 428, in wrapper
return functools.partial(f, *args, **kwargs)(*w_args, **w_kwargs)
File "/opt/kafka-dev/tests/kafkatest/tests/core/upgrade_test.py", line 149, in test_upgrade
self.kafka.start()
File "/opt/kafka-dev/tests/kafkatest/services/kafka/kafka.py", line 254, in start
Service.start(self)
File "/usr/local/lib/python2.7/dist-packages/ducktape/services/service.py", line 234, in start
self.start_node(node)
File "/opt/kafka-dev/tests/kafkatest/services/kafka/kafka.py", line 377, in start_node
err_msg="Kafka server didn't finish startup in %d seconds" % timeout_sec)
File "/usr/local/lib/python2.7/dist-packages/ducktape/cluster/remoteaccount.py", line 705, in wait_until
allow_fail=True) == 0, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/ducktape/utils/util.py", line 41, in wait_until
raise TimeoutError(err_msg() if callable(err_msg) else err_msg)
TimeoutError: Kafka server didn't finish startup in 60 seconds
----------------------------------------------------------------------------------------------------
{noformat}
> Enable TLSv1.3 by default and disable some of the older protocols
> -----------------------------------------------------------------
>
> Key: KAFKA-9320
> URL: https://issues.apache.org/jira/browse/KAFKA-9320
> Project: Kafka
> Issue Type: New Feature
> Components: security
> Reporter: Rajini Sivaram
> Priority: Major
> Labels: needs-kip
> Attachments: report.txt
>
>
> KAFKA-7251 added support for TLSv1.3. We should include this in the list of protocols that are enabled by default. We should also disable some of the older protocols that are not secure. This change requires a KIP.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)