Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-3665

Default ssl.endpoint.identification.algorithm should be https

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.9.0.1, 0.10.0.0
    • 2.0.0
    • security
    • None

    Description

      The default `ssl.endpoint.identification.algorithm` is `null` which is not a secure default (man in the middle attacks are possible).

      We should probably use `https` instead. A more conservative alternative would be to update the documentation instead of changing the default.

      A paper on the topic (thanks to Ryan Pridgeon for the reference): http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-3667 Improve Section 7.2 Encryption and Authentication using SSL to include proper hostname verification configuration

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1330

          Web Link GitHub Pull Request #4956

          mentioned in

          Page Loading...

          Activity

            People

              rsivaram Rajini Sivaram
              ijuma Ismael Juma
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: