jasperjiaguo opened a new pull request #7653: URL: https://github.com/apache/pinot/pull/7653
**<code>release-notes</code>** ## Description 1. Add missing functionality for netty tls truststore/keystore type, so that JKS/PKCS12 keystore can load properly. 2. Switch TLS to native implementation (https://netty.io/wiki/forked-tomcat-native.html). Native method brings less overhead for encryption/decryption. 3. Add authorization endpoint for broker-server netty tls channel. The authorization is performed on server side after handshake completion of the broker-server channel, which can be used for server to check broker's certificate. ## Upgrade Notes Does this PR prevent a zero down-time upgrade? (Assume upgrade order: Controller, Broker, Server, Minion) No Does this PR fix a zero-downtime upgrade introduced earlier? No Does this PR otherwise need attention when creating release notes? Things to consider: - New configuration options ## Release Notes Adding the following configs so that keystore/truststore of different types(JKS/PKCS12/...) can load properly **pinot-controller** controller.tls.keystore.type controller.tls.truststore.type **pinot-broker** pinot.broker.tls.keystore.type pinot.broker.tls.truststore.type **pinot-server** pinot.server.tls.keystore.type pinot.server.tls.truststore.type -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
