[jira] [Updated] (KAFKA-9460) Enable TLSv1.2 by default and disable all others protocol versions

Nikolay Izhikov (Jira) Tue, 21 Jan 2020 04:42:04 -0800


     [ 
https://issues.apache.org/jira/browse/KAFKA-9460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nikolay Izhikov updated KAFKA-9460:
-----------------------------------
    Component/s: security

> Enable TLSv1.2 by default and disable all others protocol versions
> ------------------------------------------------------------------
>
>                 Key: KAFKA-9460
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9460
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>            Reporter: Nikolay Izhikov
>            Assignee: Nikolay Izhikov
>            Priority: Major
>
> In KAFKA-7251 support of TLS1.3 was introduced.
> For now, only TLS1.2 and TLS1.3 are recommended for the usage, other versions 
> of TLS considered as obsolete:
> https://www.rfc-editor.org/info/rfc8446
> https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development
> But testing of TLS1.3 incomplete, for now.
> We should enable actual versions of the TLS protocol by default to provide to 
> the users only secure implementations.
> Users can enable obsolete versions of the TLS with the configuration if they 
> want to. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (KAFKA-9460) Enable TLSv1.2 by default and disable all others protocol versions

Reply via email to