Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-3315

[KafkaSink][KafkaSource] Impossible to disable hostname verification with SSL enryption

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.9.0
    • None
    • None
    • Flume 1.9.0

      Kafka 2.1.0

    Description

      The documentation says :

      Note: By default the property ssl.endpoint.identification.algorithm is not defined, so hostname verification is not performed. In order to enable hostname verification, set the following properties

      a1.sources.source1.kafka.consumer.ssl.endpoint.identification.algorithm=HTTPS

      But with Flume 1.9.0 this is not true anymore because since Kafka 2.0.0 hostname verification is enable by default.

      Notable changes in 2.0.0
      ...
      The default value for ssl.endpoint.identification.algorithm was changed to https, which performs hostname verification (man-in-the-middle attacks are possible otherwise). Set ssl.endpoint.identification.algorithm to an empty string to restore the previous behaviour.

      The problem is that it is impossible to disable hostname verification since flume does not support empty values in configuration (cf FlumeConfiguration.addRawProperty)

      Attachments

        Activity

          People

            Unassigned Unassigned
            jleberre Jérémy LE BERRE
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 10m
                10m